They need to work on a slick GUI and an easy-to-use environment if they expect to succeed. It is possible to implement both (security and usability), chroot is NOT any security at all and is just a waste of harddisk space (I prefer real security over emulated security, chroot does not really protect over too many vulnerabilities. I believe OpenBSD's method of system call policies should be brought to Linux soon, as when it comes you will have rock-hard security. Not only will it provide awesome current-state security but is a very powerful way of preventing future threatning exploitations of vulnerabilities. It is very easy to implement this for specific reasons (custom tailored) but there is yet to be a widely deployed package for this).

When it comes to good security on default install. You might have a point here, maybe an install-time rc.d editor (SuSE already offers all this and more in YaST2, but it is not at install time) would do (many if not most Linux distributions needlessly enable network servers. This is improving in the mass-commercialized Linux distributions though).