Acrobat vulnerabilities let you directly drop and install your malware on the system; you don't need to invoke a browser at all.
I've heard that PDFs were used, and that's the one that sounds the most logical. Whenever I've seen attacks against my network from the Chinese, it's always been in the form of malicious spear-phished PDFs.
Whatever they actually used against Google, there's not one easy solution. You can't just say that they should have used Firefox, because then the attackers would have exploited some random Firefox add-on that some people were using. I'm sure Google employees use every browser out there throughout the company. Keeping Acrobat Reader fully patched and keeping your users alert and well-trained would probably stop a lot of it, but not all.
Anyone who sees an encryption device/service that offers the option of recovering your data without the passphrase should already know to run away, quickly. That's admitting right in the open that they have serious weaknesses.
My reading is that the hardware decrypts and gives up the data when the right key is sent. However, the right key is unrelated to your passphrase; it's a standard key for either that device or all devices (the article is unclear on this).
Unfortunately, if you work in the federal government, you need that FIPS 140-2 compliance. While I'd love to use TrueCrypt all over the place instead of commercial software that I don't really trust, it's not really an option.
Now, for personal use, absolutely. But I'd have to assume that people already just use TrueCrypt for personal use (assuming you're the kind of person who reads Slashdot, at least...)