Yet again all good stuff, but it comes back to -

APPROPRIATE TO THE THREAT

I honestly do not believe that the home user is vulnerable if the simple not-too-techie measures we have described are used.

Having taken such steps, they then really ought not have to worry in the slightest about VPN tunneling into their intranet to enhance their security. It's just inappropriate for the degree of risk.