No, they're not. Back in the days of trusted, homogeneous NetBIOS LANs, some clever designer at Microsoft decided to put "intelligence" into controls, because it seemed like an intelligent thing to do. And it does, in a world where security is not a concern.
On the upside, I gather it makes watertight DRM voodoo impossible to implement on Wintendo boxen...
Fuck me! That's crazy! As if a control should have the ability to WHAT EVER is in the messages sent to it! I was under the impression controls in windows were drawn and managed by the application, like in X - clicking on a button essentially told the application to run a sub-routine that would handle the input - if the input was bogus nothing would get done. What a stupid concept.