They've been constantly adding new insecure features to all Web 2.0 related standards every day. For example, CSS3 supports "remote fonts", where the fonts that a page should use are specified by a URL in the stylesheet. Imagine how many new interesting vulnerability possibilities in the FreeType engine this opens!
Excellent record for security? Every week we get a new set of serious Firefox vulns. Makes you wonder if there are any undisclosed ones, if the attackers got to them first, if your Firefox has already been pwned and clicking on "fetch updates" will fetch backdoors, etc.
Given the paranoid security of browsers, for me the best option is:
QEMU running Windows XP. In there I run Firefox and I have different hard disk images: the "insecure one", which I don't care about, and the secure one for credit cards, etc. Hard disk images are deleted monthly and restored from base images.
On Linux I use only Konqueror and only for very specific pages.