Comment: To be or not to be (Score 1) 191
The question is whether you're from western Pennsylvania.
DEP is nearly worthless without ASLR (and vice versa). See:
http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx
As for your "ASLR and DEP bypass", it's not bypassing ASLR. It's taking advantage of a vendor's product (Java) that doesn't opt in to ASLR. But you don't need to be at the mercy of your vendors. You can force DEP and ASLR to be on with EMET:
http://www.microsoft.com/download/en/details.aspx?id=1677
If you're still on XP, then you get none of that protection.
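Added example, not part of the original comment: a minimal check of whether a Windows PE image opts in to ASLR and DEP, by reading the `DllCharacteristics` field of its optional header. The function names and the sample header are constructed for illustration; the flag values and field offset come from the PE/COFF specification.

```python
import struct
import sys

# DllCharacteristics bits from the PE/COFF specification
DYNAMIC_BASE = 0x0040  # image opts in to ASLR (linker /DYNAMICBASE)
NX_COMPAT = 0x0100     # image opts in to DEP (linker /NXCOMPAT)


def mitigation_optin(image: bytes) -> dict:
    """Return the ASLR/DEP opt-in state of a PE image given its raw bytes."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 24 + 72 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad PE signature")
    opt = pe_off + 24  # skip 4-byte signature and 20-byte COFF file header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 of the optional header in both formats
    (flags,) = struct.unpack_from("<H", image, opt + 70)
    return {"aslr": bool(flags & DYNAMIC_BASE), "dep": bool(flags & NX_COMPAT)}


def _sample_image(flags: int) -> bytes:
    """Constructed minimal PE32 header for the demo (not a loadable binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = b"PE\0\0" + bytes(20)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<H", opt, 70, flags)  # DllCharacteristics
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    # Audit the EXE/DLL paths given on the command line; images that report
    # aslr=False are the ones that need a forced policy.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                print(path, mitigation_optin(fh.read(4096)))
            except ValueError as exc:
                print(path, "skipped:", exc)
```

The flags only record what the image was built to request; a process is still exposed if any single module it loads was built without the opt-in.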
Interesting. I wonder what percentage of the Adobe Reader install base uses the 3D capabilities?
I wrote it years ago, but it's still quite relevant:
http://www.cert.org/blogs/certcc/2009/06/vulnerabilities_and_software_a.html
Coding quality and exploit mitigations aside, there's something to be said for the size of the software that you're installing. The more code that's there, the more there is to attack. If you're using Reader, you might ask, why is there a 3D rendering engine in my PDF reader? Or maybe even do something about it.
So FTP, BitTorrent, RTSP, are not covered?
... for certified seafood.
I tested 3.4.4 and 3.3.4 (Latest on website now) and I couldn't even find auto-update functionality. Though I can see update functionality mentioned in the documentation:
http://help.libreoffice.org/Common/Online_Update
So either they've pulled the functionality, or I'm looking in the wrong place.
And they haven't done anything about it for years, either.
http://blogs.oracle.com/malte/entry/evilgrade_and_openoffice_org
The CA architecture as it is used in web browsers is only as strong as its weakest link. It only takes one compromised CA to make the whole system worthless. Having thousands of CAs would make the problem significantly worse.