Security best practices
Currently (version 220.127.116.11) Orchard does such things as store database connection strings (including user IDs and passwords) in plain text.
Many orginazations need increased levels of security such as ecommerce (PCI compliance), healthcare (HIPPA) and public companies (SOX compliance).
It would be essential to such applications that Orchard be built with Microsoft's security best practices baked in at all stages of development.
Unfortunately security is not something that can be "bolted on" after the fact like a module. That is why this is being proposed as a core principal for the entire project.