As a security professional and someone who learned to code almost 30 years ago, poor code is poor code. The best security is the kind that is bilt in from the beginning not patched in later. Also, the vulnerabilities that we see today are a result of coding and design mistakes. It is a lot easier just to throw together code and not do the appropriate error checking in your program. Best practice is to always validate your data construct in your program prior to applying your logic. This way you push back the garbage and not process it.

In regards to M$Security, or the lack there of, is a business decision they have made to place profit before quality. They take the strategy of good-enough vs. good, less alone never great. It is their responsibility to sell a quality product. None of us would buy a car with such quality issues or with the warranty they provide (MS EULA).

We should all objectively assess your options. Read Walt Mossberg's article in the Wall Street Journal for an unbiased opinion.

http://ptech.wsj.com/archive/ptech-20040916.html
http://ptech.wsj.com/archive/ptech-20040923.html

Execrcise your right to choose.