I all ready wrote something like this the other day, also this bit you wrote

"Use a complicated password."

Makes no differents what so ever, do you ever think if hackers can decrypt MD5 hash password they can simply grab any complex password you might of made?

You also forgot to mention about drive by's which I mentioned in post I made about it.

Other then that you post seems ok