Yes Cyanogen is great, I run it on an Android phone or two and love it to bits. But that's not really the point...
The question here was about shipping a phone with CM preloaded, and that comes down to a number of business concerns.
In order to get the real penetration that this would need to get off the ground, CM would obviously need to pair up with a hardware OEM in order to get a handset crafted (or repurposed) and then they would also need carrier backing in order to get the sales penetration needed for a sustainable plan.
The major issue carriers will have with CM is the fact that the OS is rooted out-of-the-box and that carriers have a multitude of requirements imposed on handsets they'll slap their brand name on. Carriers tend to have business needs that require them to preload certain content on the device, rooting a device allows the user to quickly remove this content (something a carrier might have to swallow from the more knowledgeable users, but not something they would be willing to allow their userbase to perform at the flip of a switch). Rooting also opens a whole mess of security questions, which a carrier would tend to want to stay away from:
User: "My personal info was stolen from my phone!"
Carrier tech support: "Well your phone is rooted and you downloaded some nasty apps that captured your private data"
User: "But you sold me a rooted phone."
You also face issues like some of those mentioned in the comments here to the tune of "CM7 makes it easy to use Netflix". This is one example of many, but Netflix is currently only supported on select few handsets. I can imagine the lawsuits if a carrier were to sell and sponsor a device that "allows user to easily bypass device restrictions" put in place by app vendors. I'm not saying I don't have fun tinkering and hacking around apps in my spare time... but opening those doors to the masses and being liable for such a product is a whole different story.
Now the carrier is faced with having to support and guarantee a product that in the hands of an ignorant or unknowing customer can go horribly wrong.
Sony Ericsson has tackled this issue lately, allowing them to certify phones with carriers and have a secure out-of-the-box experience, but allow the customer to void his/her warranty by punching in their handset's IMEI on a website, obtaining an unlock code for the bootloader allowing full modification of the device. Forcing the customer through a lengthy agreement that renders all warranties null and void makes the carriers and OEMs safe from fallout if the user screws up their device from that point forward.
Cyanogen mod has quite a ways to go yet until they're ready to play in a commercial (and corporate) world where legal implication and stupid users require everything to be dumbed down and secured for consumption by everyone from preteens to seniors. I look forward to the day when I can sign up for my wireless plan and walk away with a Cyanogen handset, however I fear that if they look to commercialize the product they will end up taking away all that is great about CM in the first place.
In my opinion CM will thrive best staying where it is, being the best after-market mod/distro for Android devices.
The latest Microsoft patches published for October did not include a solution for the URI problem, so according to an article on heise security hackers started to solve the problem theirselfes and published an unofficial patch which cleans up the critical parameters of URI system calls before calling the vulnerable Windows system function."
Link to Original Source