Yeah, nothing is safe. Did you see the interview with the guy who says he works for the contractor that does all the hacking? He claims they have tens of thousands of exploits for 0 day bugs ready to go. Against that, pretty much nothing is safe. I wonder what they have against OpenSSH and if the privilege separation does any good.
I've heard for years that large teams have different groups dedicated to bug finding, exploit development, penetration, and maintaining access without getting caught.
I think the future of defense is even more sandboxing. Like opening a new tab fires up a whole new VM and completely separate browser instance. It'll also be necessary to have a VM control access to each piece of hardware, with some kind of mechanism to allow the user to decide if and when an application can have access. Our existing concept of a filesystem won't work under such circumstances... data is going to have to be stored in some kind of network service so that all these sandboxed processes can get some kind of interoperability. This whole idea of kernel mode/user mode being the only security barrier in a computer has to go. We also need more and better open source hardware.