While I agree that, in practice, "doing what average users do" doesn't require advanced features, I think n0cmonkey raises an important point. Computers are complex, sometimes difficult, systems that people generally don't use responsibly enough. And they exist in a hostile environment. A culture of nescient helplessness among users accustomed to using deliberately crippled tools is really very dangerous. At best, it will mean a lot of people's documents getting nicked, and loads of zombies. At worst, it'll mean the reduction of all systems available to individuals to a level stupid and locked down enough for people who know nothing.
The 'secure by default' philosophy is very good for computing. That is, with no user interaction, the computer and the OS should be as secure as possible. If a user has to learn something, or has to do some configuration to 'lock down' a computer, then the OS design has failed in some manner.
Some spectacular failures in security as a result of failing 'secure by default':
IIS 5 is a particularly spectacular failure. Microsoft configured IIS 5 to have all features activated, all these sample scripts, and all this junk to 'make it easy'. All it made easy, of course, was getting rooted.
Red Hat from the 6.x and early 7.x era had a similar idea. They figured that since people complained that Linux was too hard to set up compared to a Windows server, they should do what Windows does and set up everything to run by default with all the features enabled. This, of course, resulted in the first time you had really widespread worm attacks on Linux machines and the ONLY time you ever had a Linux virus spreading itself in the wild.
A similar thing happened with PHP and those worms. We've had a couple of instances of worms attacking websites that are using PHP, and PHP-built web services, because of shoddy programming on the part of the PHP developers combined with very insecure defaults and design flaws of certain web services that utilized PHP. If PHP hadn't had the bugs in the language, then it wouldn't have happened. If the PHP-using web services hadn't had insane defaults, then it wouldn't have happened. If administrators cared about security, then it wouldn't have happened.
With Windows it's insane to have it so that you can execute programs downloaded from email by double-clicking on them. It's insane that a program can be launched simply by having the last three letters of the name be 'exe' (or one of about 20 other executable file types), especially if you're looking at a file that goes: cool.jpg.exe
Security of this manner is a multilayered approach. Rarely is it just one problem with a system; usually it's multiple problems.
So the 'secure by default' approach requires that end users actively participate in ruining their security on the computer. And since most users are lazy and wouldn't take any action at all, it is a very successful approach. You have human nature on your side.
Send the system to the end users 'locked down'. Give them documentation on how to unlock features, then set up an automatic way to do updates and give them an option to turn that off... That's as good as it gets.
Good examples of "Secure by default":
OpenBSD, where 'secure by default' is their motto. Absolutely the best OS you can get in terms of security anywhere outside of a research lab and still be useful for general computing.
Microsoft's IIS 6 is very secure and is a good advertisement against Apache. They managed to avoid worms and such caused by problems with ASP.NET, scripts, and various other security issues by configuring the server to only allow static HTML pages by default and disabling all features beyond that.