Yes, that's why AE will always stay important. I do believe browser exploits will become less relevant, and kernel exploits are mostly reserved for high profile attacks, and are not that easy to pull off. But you can never let your guard down.
Would have been nice if Rand broke down the vulnerabilities by OS and non-OS based. The article does prove what I have always assumed in that many vulnerabilities never are publically disclosed or resolved.