Well, there are a few errors here, but..
Not really part of the OS
NTFS - designed to fragment
Yeah, this is true, but there is a reason for it. A large multi-user system running on slow disks will (statistically) benefit from a somewhat fragmented file system. Do the maths. Of course, this hurts WNT on the desktop. The general idea is that one user task will nor process an entire file in the time-slice alotted for it to run, so when it is pre-empted, the next task will need to read a different file somewhere else on the disk, in other words, moving the read head, and before it is finished with its file it will be pre.empted, the read head will be moved again, to another place on the disk, etc. In such a scenario a fragmented file system will have higher performance than a non-fragmented system due to the read head moving shorter (on average) distances each time.
Imagine two files on a one-platter spindle. One file is on the "inner" side of the spindle, the other on the "outer". Two processes are reading one file each, but are being pre-empted multiple times during the reads. For each task switch, the read head will have to move from the outer to the inner part of the spindle, or inner to outer. In other words, for each time slice, the read head moves across the entire disk. If the files are fragmented and the fragments are spread across the disk randomly, the disk head will, on average, only move across half the spindle each time. So, at the time of design and implementation, based on the purpose of the OS (both big server and desktop were imagined) an intentionally fragmented file system made sense. The problem is that one have to live with decisions like that for a long time :-)
A fundamentally broken and insecure security model
Again, in the OS, no the model is not broken, but the way Microsoft configured it, it did become broken. Mostly because of the elevated privileges needed for the first few years to do just about anything. But still, not a bad feature of the OS. In fact, again in the OS implementation, it beats the woefully simplistic and inadequate Unix security model of the time (and for many, still at this point in time).