There are some great security plugins out there, but you need to install 3-5 of them to cover all the bases, and they often overlap or are incompatible, especially when it comes to htaccess rules.
I think that security is such an essential component that it shouldn't just be left to chance. There needs to be an organized effort to create a single, official set of security plugins that ship with WordPress.
The plugins would probably have to be deactivated by default in order to adhere to the "5 minute install" philosophy, but just having them there would encourage most users to activate them.
What does everyone think about getting all of the existing security plugin authors together to form a new security plugins team? They could work together to create a set plugins that are comprehensive and play nice with each other.