Sorry for fueling the flames, but: they're all mostly useless. That is, non-broken software doesn't need them, and it's very hard to write a profile that doesn't allow hacked broken software to take over the machine anyway. Especially with Linux' large number of local exploits. There are almost always better ways to spend your sysadmin time.
It's another layer of protection, agreed. But the general consensus amongst people who use these systems is to turn them off. They'e not user friendly (see my post below), pretty much always badly documented, and most people don't have the time required to understand them.
Also, no grsecurity?