trying out older (read-only, noexec, mount) security methods

[Tim]

Are there any known, current, problems with mounting certain things as
read-only or noexec to minimise harm?  Such as making /tmp and /home
noexec?  Or /usr read-only?  Or any other suggestions?

Also, it occurs to me that /boot isn't read after bootup has completed.
Is it even necessary to keep it mounted?

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.