Those are very real concerns regarding IE6. I haven't seen IE7 virtualized on Windows 7, but I have seen IE6 and IE7 virtualized in Windows XP.
I understand what it's like to know that management won't support a decision, not based on knowledge or facts, but opinion about a particular version, brand, or industry movement. I do think, though, that because the BHO only opens your internal company apps in IE6 for compatibility, there's no additional security risk because the users can't launch it. If they go anywhere else from IE6, it'll open in the default browser.
You may have a valid point about the functionality. I assumed that all that matters for internal apps is that they work, but users may be very used to features like tabbed browsing and throw a fit if those were to go missing.
This is usually where I blame the developers. Have you tried blaming the developers yet? Okay, I'm only joking.
If you choose to patch XP Mode with Altiris, you will have an additional node count from everything I understand. If that's ammo to management, I'm not sure what I can do to help.