Not that I think its directly relevent, but recently I've been writing some code on Win32 that works with secure registry keys. I discovered something there that to me offers an insight into why Win32 has so many security issues. Its damn hard to do stuff in Win32 securely. Getting a security token setup with the right privs etc is a lot of work. But you dont need to bother, because everything is set up so that if dont do the security malarky the OS defaults to "access/everyone". If Win32 used "access/owner" as the default, and forced people to do work to make it "access/everyone" then things would be a lot more secure.

The lesson ive learned from this is that if a security model is painful to work with and easy to ignore the end result is that nobody will bother.