I wouldn't worry much about people whom I granted access to my computer, (though it could be worrisome if someone else got their hands on their credentials), I would worry about people who got access fraudulently. But that requires tighter security policies.
Regarding Windows, it's all explained on MS website (just a Google search away), and it seems quite potent, but a default consumer OS doesn't push for stringent requirements for each and every application being installed. It's up to the user to setup the adhoc policy, and hook up VNC to it, I guess. The good thing with application markets and distro supported package repositories is that in theory all this could be included in the package and verified for conformance by the repository maintainers.
Regarding Windows, it's all explained on MS website (just a Google search away), and it seems quite potent, but a default consumer OS doesn't push for stringent requirements for each and every application being installed. It's up to the user to setup the adhoc policy, and hook up VNC to it, I guess. The good thing with application markets and distro supported package repositories is that in theory all this could be included in the package and verified for conformance by the repository maintainers.