Obviously, the Shatter Attack isn't the real problem. The problem is the email virus that could deliver the attack or any other delivery vehicle that gives an attacker remote or physical access to a user's system. Thus, the details of the attack matter little. [links added]
— Paul Thurrott, Windows and .NET Magazine
They are both problems, if your security model doesn't allow for the possiblity that an end-user system will be compromised. It is not wise to ignore the potential of privilege escalation. You can limit the avenues of attack, but as long as the computer is on there will be an opportunity.