Hi TuckerX,
Well let us anser this last question also as good as we can. The Quttera scans all the files heuristically. If it detects something out of the ordinairy it flags that anomality. That could be a cript that runs slightly longer as expected or has some aspects of suspicious files.
These finds are not real malicious files. They could be suspicious or something not earlier detected, but then it should be supported from other scans. I never go by the results of one scanner, I use quite a plethora depending on what I expect to find or not to find there. You can also run an URL through a javascript unpacker scan service. Same story there unexpected hick-ups are found as potentially suspicious. So in the previousd example of "external-interface-and-swfobject-js" if you invoke it there it throws up an error in javascript and that is flagged by the analysis (some parameter was not set or the developer forgot about that). So we are not talking about severe logical errors here and so as you put it we can easily ignore these code hick-ups.
If we had a report from a sucuri's scan or a wepawet scan about malicious content found or a blacklisting status of the site or a WOT bad web report, that would mean quite another kettle of "phish" and of course I would have reported that here.
Dissecting these potential website threats or finding they aren't there can be fun,
polonus