I found the post very clear and interesting. Maybe it was written like a rant that you'd normally say out loud rather than write down, but it was good nevertheless. What did you find confusing?
Multi-layer security is an interesting issue where each service can be exploited in a couple of ways. There are app-logic layer problems like not escaping input as well as app-internals layer where app's language matters to some extent. Java does have reasonable protection from buffer overflows... unless it's a bug in jre where all apps suffer. On the other hand we only have some unfortunate exceptions like unusable but safe qmail.
So while it's not the end of your worries of course, from the developer's point of view if you can make sure you're running on a system handling ASLR properly, using a language with managed-memory, designing a system to not require escaping in the first place, so there's nothing to forget about... you can eliminate several classes of attacks without even starting to think about specific scenarios and business logic itself. (not all follows from the post itself, but this was on my mind after reading - so matches your question hopefully)
