I wonder if this was in use (for legitimate uses) by anyone prior to its omg-security-breach discovery, and if their use still works. Quite a few Windows applications look in their folder first for DLLs - checking the loaded-file path could conceivably make the same kind of sense. Or just not accounting for current-directory changes when launching with a file (not entirely sure what the behavior is there).