Hell, while it isn't for most people, I just disable JavaScript on my general browser (which is in a VM) and only enable it on a per site per usage scenario limited to 15-30 minutes at a time after which JavaScript is disabled for that site again.
For my work browser that only goes to trusted sites, I still have JavaScript enabled, however. So there is a small chance that something could potentially slip through there.
Hence, while I'm tempted at times to disable some of these security patches, I don't ever seriously consider it. After having gone through Code Red back at the turn of the century, I don't want to have to go through anything remotely similar again. IE - I take security a lot more seriously now.
I really miss the ability from Internet Explorer of being able to set separate levels based on what security zone a site is in.
Regards,
SB