Homedir based encryption with LUKS in loopback files sounds as a bad idea to me. AFAIK LUKS containers can't dynamicaly grow or shrink so you'd need a fixed size homedir ie loopback file for that?
If you want homedir based encryption, then use ext4 directory based encryption.
But I think you most often don't want homedir based encryption. Homedirs inaccessible when a user is logged off only works for pure desktop scenarios, not servers. And it will also rise problems if homedirs are unmounted upon logoff or screen lock if you run background processes on your desktop, something many people do. Besides that, lots of sensitive information is saved outside your home directory. Full disk encryption provides with many advantages.

Firefox just releases a binary distribution (tar.gz) for Linux like they do for MacOS and Windows. It runs on AFAIK every, not really old, distribution. Something Chrome and other software vendors could do as well.

There is a problem with the traditional linux fixed-version distribution of software. You can either choose to use an unstable distro like Fedora OpenSUSE Ubuntu that break once in a while, or choose a stable distro like Debian Stable Ubuntu LTS RHEL/CentOS, and come to the problem that software that is mature to change like browser and desktop stuff being outdated. I think it's also a waste of time for the distribution organisation to maintain all those software packages, it's something the vendors of the particular software should do.
It's also annoying that with the customer distros, nice good working software will be thrown away, like Gnome2 and KDE3 where dropped immediatly after release of Gnome3 and KDE4 (which was really unstable and unusable in the early days).

I now choose to use EL6 (CentOS) now as a OS basis and install/compile new software on it by hand. I have build KDE 3.5.10 and KDE 4.9.5 succesfully for it, works fine. And it will keep working as is for the next couple of years because the API/ABI of the underlying libraries will be stable.

pkg_add -r

The package management tools are very nice indeed, much better than the unnecessary complex and bloated rpm/dpkg-apt combinations.
I think the author points on the somewhat poor quality of the contents of the binary software repositories, comparing with the major Linux distributions.

For example: the php4 package depends on apache-1.3. If I want php4 linked to apache-2.0 or just don't want to use apache at all, there's no other way than compile it with ports.
In the most of the linux distributions there are just binary modules between apache and php that connects them so the php and apache packages can be independent from each other.

Another thing is that there are no backward-security updates on packages. There is no stable package/ports branch where the software versions stay the same for a few years, like the major linux distributions have. Only way to fix a security bug in a package is to upgrade the package to a higher version. This often means all the dependencies also need to be upgraded and also means that due to a newer version unwanted features/settings will be introduced, for example causing some websites on your server get broken.

I'm afraid the only way to get to a stable software package repository or portstreem is to have a large team to do all the security and software packaging work (do the "QA" thing), like Debian has.

I know some (large) companies like ISPs that use freebsd on their systems, have complete departments maintaining an own freebsd distribution and keeping track of all the software packages and develop backward security patches for their system software.