I've been using various beta builds of IE 7 for several months now, and I am really impressed with the new security features and default settings.  I've seen gold bar and address bar warnings that highlight real issues with real commercial sites as I've been using the web.  It's really amazing to find big commerce sites that don't have their SSL certs set up correctly, for example.  I've seen multiple sites running with expired certs, as well as sites that have mismatched certs (so the cert for foo.company.com is used on bar.company.com, which IE flags as a potential security issue).  I even discovered a Microsoft product (in beta) that ships an unisgned ActiveX control.  In each case, when I send an email to let the owners know of the problem, they fix things up, but it's really been interesting seeing how many folks just don't get this right.  I think IE 7 will raise awareness of these issues, which is a good thing.