I think someone's just seen Avatar for the first time....

Ok, and what if you see perl, mail, telnet, ssh, netcat, ftp, wget, etc in your list? A wanna-be cluey user will google and see they're not malware, but all of these things can be used by malware to do nasty stuff. Disabling any of those from hitting the network will likely affect other tools that do use them legitimately. If the malware isn't directly opening network ports itself, this approach is useless, and in many cases the malware would be better served to use existing tools such as these anyway.

One reason: DNS suffix search.

In my workplace, I put intranet in the address bar and hit enter, and although it doesn't find a DNS match on intranet, it knows to look for intranet.[my domain] or whatever (these default search domains are pushed out via DHCP or automatically assumed based on own domain name). Same applies to mail, ftp, proxy, etc, etc.

It's sort of a way to do private addressing for hostnames - if I see an unqualified name, it's always assumed to be in the same domain that I'm in or something fairly local. This can be a very handy shortcut, and is very widely used in private networks. I think it makes a lot of sense, but obviously this wouldn't work if intranet was a valid FQDN in its own right.

I agree you with you for the most part here, and I also could not in good conscience work for someone like the RIAA, however there's a few critical parts to this equation you seem to be overlooking.

1. A fair percentage of those people have probably worked there since before the RIAA even started all this shit. Would you suggest they should put themsevles (and their families) through everything involved with finding alternate employment / being unemployed (like they have to now anyway, but still..)?
2. I'm not sure about the U.S., but here in Australia the majority of the population have no idea about the horrible injustice being sought by the RIAA and their ilk - it's just not newsworthy enough outside of places like /.. A lot of people who were seeking employment and landed a job there may have had no clue about the less savory things being done there.
3. From the inside, I'm sure the RIAA would be feeding its employee's their own breed of propaganda to 'boost morale' and convince them that they're not evil. Most people would take the easy/conforming way and take that at face value.

...just because we here on ./ all think the RIAA a corrupt, deceptive, evil corporation, doesn't mean that everyone else sees them that way. Now Big Oil, Big Tobacco, and certain other industries that have been know for decades of doing 'really, really bad stuff' - those are the ones that should have a hard time trying to fill vacancies, but even then - wave the right amount of $$$ around and most people will happily put aside their morale dilemas and come up with some way to justify it to themselves.

A custom encryption solution? Ok, but what about those of us who aren't Bruce Schneier?

I don't have any affiliation with the software/devs other than being a long-time user and occasional bug-reporter, but KeePass:
A) Is GPL. Haven't been through the source myself, but I find it highly unlikely that a 'government back door' would go unnoticed.
B) huh..?? Don't really follow what you're getting at here.
C) Have KeePass generate a key-file for you, which you then need to use along with the password for two-factor auth. (obviously don't keep the key file with the password DB!). Layer on more levels of encrytion by putting the password store inside a TrueCrypt volume (hidden volume if you want to go with deniability as well), etc, etc.

On top of that, KeePass has some pretty nifty features like auto-type w/ obfuscation that (claims to) break all known keyloggers and clipboard spies, in-memory encryption so your passwords will never show up un-encryted in a page file, and configurable key-transformations to slow dictionay attacks to name a few. I personally trust it more than I trust an encrypted network connection and use it for everything these days. Seriously, check out their security page.

Unfortunately it's for Windows only, although there is a cross-platform port called KeePassX (haven't tried it yet myself).