This is excellent explanation and commentary by Jim Allchin on some of Vista's new security features, including User Account Control (UAC) and Data Execution Prevention (DEP).
He goes into detail about the security features vs. convenience decisions that were made during the development of Vista. ("If you don’t lock your doors at night because it is too much of a hassle, the locks don't offer much security.")
For both home and enterprise users, Jim concludes by offering a good-better-best strategy for configuring several of Vista's core security features.
So who's using UAC? I just tweaked a few of my Vista's settings at Jim's suggestion, including enabling DEP in Internet Explorer 7. I must confess, though, that although I enable UAC most of the time, I turn it off when doing development work on Vista. Security features versus convenience, and all that...