[jdbernard]

To add some additional perspective: many of us know how to add some basic level of security to our personal networks. Certainly not NSA-proof, but enough to about being owned by your average script-kiddie or wide-spectrum hacker.

So in reality we do have more concern about Microsoft's update channel, which has a trusted, straight-shot channel directly into the core of our system than we do random Joe hacker who had to bypass our NAT, find a zero-day, etc.

From a secure point of view, Windows update operates within the secure zone with root privileges. Of course that's more concerning if you don't trust it that an external hacker.