Re: The retail license changed, too
ASLR is supported in Vista and later (in Windows). But that doesn't mean all software necessarily opts into that capability, unless you force the issue with something akin to Microsoft EMET.
Further reading on the subject: the U.S. CERT's security shootout between various versions of Microsoft Office and OpenOffice: http://www.cert.org/blogs/certcc/2011/04/office_shootout_microsoft_offi.html The third graph on the page delivers the message pretty clearly. They also cover some other aspects, such as the updating mechanisms. I could remark on some other security aspects, like the ability to specify and enforce MS Office security configurations using Group Policy and Security Configuration Editor, but it would make for a long reply ;)
As for Java security, if a JRE is installed as part of the package, then I see the risk for it to end up enabled in web browsers, which has proven to be a prime attack vector in real life (Flashback botnet on Macs, exploit kit attacks on Windows, etc). I'm not comfortable with having it installed, period.