Linux isn't idiot proof
To make Linux an idiot-resistant platform, users can't be allowed to install or run ANY untrusted executable code.
The model I have in mind is where the ISP service is bundled with an appliance which is leased as part of the service and not to be opened or base software modified by anyone except the ISP's authorized service agents.
The device wouldn't execute any code which hadn't been signed by the ISP; thus any add-on software would have to come from the ISP or be authorized by it.
It's too bad the "New Internet Computer" wasn't able to gain any traction in the marketplace; a device like that with Puppy Linux stored on a write-protected Flash Memory card (instead of a CD-ROM) would be ideal.
A strict security model would make it tough for "mobile code";
the only way mobile code can be trusted is it is limited to display APIs and a sandbox which is cleared on one of applet exit, end of user session or system restart (if session has a non-graceful ending).