It's the HTML-to-DOM translation in jQuery.clean. A new div is created using context.createElement("div") and the incoming HTML converted by assigning to div.innerHTML. Since the div isn't attached to any document, IE seems to assume the worst and uses a restricted security zone. If you append the div to the document body before using innerHTML and remove it afterwards, the script is processed in the right zone:
// Go to html and back, then peel off extra wrappers
div.innerHTML = wrap + elem + wrap;
This would need to be tightened up and tested; I'd hate to make jQuery.clean any slower. A workaround for the reporter would be to put all the scripts in the intranet-zone document and attach event handlers there rather than injecting them via html strings, which is the preferred way to do it anyway.