The Tao teaches us to not act until others require us to act, and to not learn unless others require us to know.

The reasoning behind that idelology is that you can plan, predict, expect, and number crunch... but nothing says wisdom like learned experience. I see Microsoft possibly taking this route, which although it makes certain security nuts ("WHY WASN'T THIS FIXED ALREADY!!!111") it also gives them quite the advantage. Not all forms of security are predictable, and I don't just mean 0 day. They bitched and complain when XP allowed raw sockets but Microsoft did it anyway. And through real life experience and user responces(as well as bug traq lists) they have come to learn how raw sockets can be exploited on their OS, why, and what must be done to patch that hole.

See what I'm getting at? Rather than blindly apply security features that may have an impact in theory, it still doesn't hold the water or real data results of a actual experience of it. I see Microsoft as not acting unless someone needs them to, not enhancing unless someone needs them to. Similar to a child touching a stove to learn that it is indeed hot and having first hand experience, rather than being told that the stove is hot and thinking that it is always going to be that hot at any given time during the day.

Because at that point in time it won't be guess work, it will be comments, emails, suggestions, bugs, facts and figures. Just a side thought in responce to another security "guru" chewing away at MS, and just my own humble opinion.