we have another project, adsuck ( https://opensource.conformal.com/wiki/adsuck ), that blocks ads via DNS proxying. it can be set up to proxy DNS requests for a single host, e.g. a laptop, or on a network perimeter, e.g. a firewall, and it works by using blacklists to map DNS requests for 'bad' sites to return an NXDOMAIN. this way the ad images and their associated js are never downloaded or executed. see http://rlwpx.free.fr/WPFF/hosts.htm for more info about the blacklists.
you're right to point out that there is not yet a way to separate 1st and 3rd party scripts, but the cookies are handled by the xxxterm.conf setting
cookie_policy = no3rdparty
there is no handling for surrogate scripts atm. i can say that i personally don't bother with sites that require advertisements for viewing but i can understand the desire to do so.
A blanket ban on third-party cookies or third-party scripts is not enough. You need to be able to specify which third-party domains are trusted. There are lots of decent sites that need to be able to load assets from a different domain in order to be functional, but which also like to load Google Analytics, or set cookies from Omniture (2o7.net). These aren't ads, but are still things I'd like to block.
Many sites also break if you don't load GA, hence the need for surrogate scripts. If you dismiss and don't try to support the secure use of sites that exhibit any of the above behavior, then your browser doesn't have anything to offer users that care about privacy and security. Privacy doesn't have to be the antithesis of compatibility.
DNS blacklisting is useful and has its place, but I would expect a secure-by-default browser to not load any resources from domains outside the one in the requested URL (like lynx) and to provide a simple way to selectively whitelist external resources for that domain only (like the RequestPolicy Firefox extension). That's one important omission from your otherwise impressive list of features that will probably make me stick with Firefox + Vimperator + RequestPolicy.
feel free to post feature requests or bugs at https://opensource.conformal.com/flyspray/index.php?project=... .
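The two approaches discussed in this thread, modelled side by side as an added example that is not part of the original posts and is not code from adsuck, xxxterm or RequestPolicy: a hosts-format DNS blacklist that answers NXDOMAIN, and a default-deny cross-domain request policy with a per-origin allowlist. All host names, the sample blacklist, the exact-match lookup and the simplified first-party test are assumptions made for illustration.

```python
# Constructed sample data: none of these host names come from a real blacklist.
HOSTS_BLACKLIST = """\
# hosts-format blacklist (constructed sample)
127.0.0.1 ads.example.net
0.0.0.0   tracker.example.org   # inline comment
"""

# Hypothetical per-origin allowlist: origin host -> third-party hosts it may load.
ORIGIN_ALLOW = {"news.example.com": {"cdn.example-assets.com"}}


def norm(host):
    """Lower-case a host name and drop a trailing root dot."""
    return host.lower().rstrip(".")


def parse_hosts(text):
    """Return the set of host names listed in hosts-file formatted text."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, split columns
        if len(fields) >= 2:                    # address followed by name(s)
            blocked.update(norm(h) for h in fields[1:])
    return blocked


def dns_answer(qname, blocked):
    """DNS-proxy decision: NXDOMAIN for a listed name, otherwise forward it."""
    return "NXDOMAIN" if norm(qname) in blocked else "FORWARD"


def same_site(origin, host):
    """Simplified first-party test (assumption): same host or a subdomain.
    A real browser would compare registrable domains via the Public Suffix List."""
    return host == origin or host.endswith("." + origin)


def request_allowed(origin, host, allow=ORIGIN_ALLOW):
    """Default-deny for cross-domain loads, allowlisted per requesting origin."""
    origin, host = norm(origin), norm(host)
    return same_site(origin, host) or host in allow.get(origin, set())


def decide(origin, host, blocked):
    """Apply the request policy first, then the DNS blacklist."""
    if not request_allowed(origin, host):
        return "blocked-by-policy"
    if dns_answer(host, blocked) == "NXDOMAIN":
        return "blocked-by-dns"
    return "load"
```

A tracker host that is missing from the blacklist is forwarded by the DNS layer but still stopped by the default-deny policy, and an allowlist entry for one origin does not carry over to any other origin.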