It doesn’t load random DLLs; it will only load DLLs requested by an EXE or DLL. But those could in theory be hacked and swapped.
You need to actually have a user dumb enough to move things around, or modify paths to cause this to be an issue. Or modify the default behavior of IE to cause it.
This problem has been around for 4 years at the very least, and as you say above, there's no way to protect a computer from infection if the user doesn't know what they're doing.
Leave downloads in a download directory and everything will be OK. Or be smart enough to NOT download/accept DLLs and EXEs from unknown sites.