this is in the article i just posted, on the FRONT PAGE (sigh) :
When you access a office document from a library as an Untrusted Client (even though your login credentials are already authenticated by the browser session cookie) when an
Office Application opens, IE does not pass authentication/trust/token to the next application to gain the same access that is already trusted with IE. The additional log-in prompts is because the documents opened with Office 2003/2007 are trying to re-establish
a trust per application, because the client machine is not trusted from a public web and a new authentication is requested.
This "by design" and you'll have at least two logon prompts in such a scenario,
1st for the browser to access the SharePoint site,
2nd for the office application when you open a document from a library.