if you really want to give him a 'real' computer, how about an old eeepc 701? It's cheap, won't break easily, the size and the weight are right for a 7-year old and you can simply install some educational Linux distro to get him started.
x0d writes: "Windows 8 has a new featured called Windows SmartScreen, which is turned on by default. Windows SmartScreen’s purpose is to “screen” every single application you try to install from the Internet in order to inform you whether it’s safe to proceed with installing it or not. There are a few serious problems here. The big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install. This problem can however get even more serious: It may be possible to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target."
musicon writes: "According to Nadim Kobeissi, Windows 8 is configured by default (using a new featured called Windows SmartScreen) to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here and therefore becomes vulnerable to being served judicial subpoenas or National Security Letters intended to monitor targeted users. This situation is exacerbated when Windows 8 is deployed in countries experiencing political turmoil or repressive political situations.
Additionally, it may be possible for a 3rd party to intercept SmartScreen’s communications to Microsoft and thus learn about every single application downloaded and installed by a target."
x0d writes: "Yahoo appears to have been the victim of a security breach that yielded more than 400,000 login credentials stored in plain text.
The hacked data, posted to hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, who said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, intended the data dump to be a 'wake-up call.'"