6. Only hardware can stop hardware risks, but if the software that runs on the hardware keeps changing (even quarterly) and corporate hardware is replaced only every 4 years it possible to deploy something hardware/firmware malware finds difficult to understand and perhaps, even tricks to defeat specific strains.
7. Its a very thin Linux (Thinstation?!!). It can run well on very old machines, further making new hard/firm-malware even less likely relevent.
Hmmm, it seems to get more secure as I think about it.
For example, why would one even need a firewall, anti-virus, or other common security features if all you're doing is booting up to bank online or visit other sensitive, relatively safe sites?