There's an important difference between being serious about security, and making a big security theatre song and dance.
The latter is far more visible, but is often not very effective.

Having services running by default but inaccessible due to a firewall is pretty braindead, much more sensible to not have listening services running at all unless the user explicitly enables them.

Depends who you want privacy from.

The mac client from ovpn.com does the same thing, hijacks your DNS settings even when the VPN is not connected.
This breaks a lot of things, for instance if you have internal DNS which resolves the names of your own devices (very common on a corporate network), or if you have a DNS service which implements DNS64 etc.

This is in many ways a benefit. It will support any hardware or storage that's supported by any os virtualbox itself runs on.

Neither proxmox nor esxi have official support for macos, both can support a hackintosh install...Not that it matters, because macos for x64 is going to stop being developed fairly soon.
Proxmox has an unofficial port to ARM (proxmox is a management layer, the underlying technology already supports arm and has for quite a while).

Mandate a price cap on parts, and track the individual parts by serial number instead of just the complete device. Then disallow activation of any device which has any stolen components fitted.

People only buy black market parts if they are significantly cheaper than legitimate ones. If the parts are available close to cost price from a reputable source, there is far less incentive to take the risk on stolen parts.

Once you've trained that person for 4 figures, they will leave and go somewhere else that's offering them 6 figures.

The idea that you can train someone up and keep employing them on a lower salary than you can hire someone with the same skillset is quite insulting, people generally won't stand for this.

I use a VPN when travelling, because a lot of networks still don't provide IPv6 and i have a large number of IPv6-only resources that i need to access.
The cost of getting legacy IP for all those resources (some of which are outside of my control) would be MUCH higher than the cost of connecting to a VPN.

VMware are not a monopoly, there are a lot of alternatives.

The presence of a monopoly is one thing, making yourself dependent on one is quite another.

VMware's license changes are only affecting those who allowed themselves to dependent on their products. For those other providers who are not dependent on VMware products (ie all the big ones - AWS, Azure, GCP etc) this is an opportunity to gain some customers.

All these "improvements" are turning it into wordpad, which they recently got rid of.

If your business is so dependent on a single proprietary vendor then you only have yourself to blame. For something which is so important you should always ensure you have an exit strategy and/or a second source supplier.

It's no coincidence that the major cloud players are using either their own inhouse tech or open source.

The bloatware subsidises the price, wait for a third party rom to become available with all this junk removed.

Apple devices tend to be single user. Most macs don't have more than one account and it's even rarer for multiple accounts to be logged in at the same time, and ios devices don't even have a concept of multiple users.
If you were to get code execution on a mac, chances are it would either be as root or as the same user who's using the machine, so you'd have access to their processes and data anyway.
Such a vulnerability would be more serious on a server that was hosting multiple virtual machines for different customers, but Apple don't make those.

Exactly this, Apple devices are almost always single user so this has a lot less impact than processors which are being used to run virtual machine instances for multiple different customers.