DuckDuckGo also does not appear to offer to act as your Web proxy like Startpage will do.
No, because if they did then they'd be able to track all of your browsing. They don't wish to do this...
The self-destructing cookies plugin for Firefox has the cookie management policy that I want. Sites can leave whatever cookies they want, but they are silently removed when I navigate away from the page (there's also an undo feature, so if I realise after navigating away that I actually wanted the site to store something persistent, I can retrieve it). It also does the same for HTML5 local storage and will aggressively delete tracking cookies from ad networks. It needed basically no configuration other than to whitelist a few sites as I go.
I'd love to see Microsoft and Apple integrate this kind of functionality into IE and Safari. I doubt Google would do the same for Chrome, as they rely too heavily on aggressive tracking for making money. I don't really understand why Apple and Microsoft don't aggressively push privacy features in their browsers: they'd get good PR and hurt one of their competitors at the same time...
Don't get me wrong, DuckDuckGo sounds good. Sounds like they certainly don't actively track you. But I don't see them bragging that they "keep no data to hand over in the first place"
They don't use tracking cookies (their preferences cookies are not identifying, they're just a string of your options, if you've set them), so the most data that they can have for identifying you is the IP address. They've been SSL by default (redirecting from http to https and defaulting to https in search results where available, for example on Wikipedia) for a long time, so you don't suddenly jump into an unencrypted connection as soon as you leave.
Integer overflow has absolutely nothing to do with security
Integer overflow has been in the top five causes of CVEs for several years running. Buffer overflows, sadly, are still at the top.
Walled gardens like AOL and CompuServe failed because they had to compete with everyone else. In the early '90s, there was a lot of content that was exclusive to AOL or CompuServe. There were a load of small BBS that had their own unique content. And then there was the Internet. Anyone could put something on the Internet and when web browsers started to be easy to install anyone could put up a web page. Individuals would put things up on their ISPs' web space or somewhere like Geocities, big companies would buy their own servers. Small individual ISPs started to spring up, because the cost of entry was low: a rack of modems, a leased line, and a load of phone lines and you could be an ISP. Local ISPs competed by differentiating themselves in various ways (free email, free web space, static IPs, whatever).
Meanwhile, AOL and CompuServe (OSPs - Online Service Providers) were trying to sell access but also be responsible for all of the content. The parallel with Facebook isn't quite there, because they're only selling the content. The problem is that, while there is some content on Facebook, anyone who can access Facebook can also access the whole of the web. They need to somehow justify putting content on Facebook (where only Facebook users can see it) rather than just putting it on a web site. Their argument for this is that they can collect lots of data about potential customers if you do, but it's not clear that this is a good long-term alternative.