Some scripts just don't run in WP IE, and most malicious content works that way. Also, even if any code got into the system, it still won't have the file system access APIs, as only the apps that ask MS for it get it. It may remain dormant and get to your PC when you sync, assuming the system doesn't recognize it and sanitize it.
In short, you're safe for now on WP.