Because I have the spare time right now, and wanted to see how a really insecure Linux distro would hold up. Interestingly the answer so far, for Slacko 5.6, is "better than un-updated Windows XP." - The iptables firewall blocks *everything* in the default configuration. A scan of the virtual network's IP range doesn't even show the VM. This is better than can be said of any Windows firewall I tried. - Metasploit's database doesn't appear to have anything for any of the applications installed. The only exploit I was able to get working was a Firefox XPI one that requires really obvious user interaction. Once that ran I had root access, but there's no way a reasonably experienced user would have allowed it. I still wouldn't call un-updated Linux safe, but it's looking safer from here than un-updated Windows.