There's an interesting discussion (Dan's blog post and the ensuing comments) on Microsoft and security issues at Dan Gillmor's weblog