Thanks for the feedback!

Full hard-drive disk encryption by default?

Absolutely; right now the methods for full-disk (or at least home folder) encryption work great, but have some unforeseen consequences like requiring another password at boot time or not updating the encryption password if the user password changes. I’d love to see improvements in this area, then it become the default.

Packaging apparmor-profiles and apparmor-profiles-extra by default on elementary OS for the apps that are not going to be sandboxed using Snaps and Flatpacks any time soon?

For sure, but this is more of a technical problem than a UX one. With the upcoming changes to AppCenter, AppArmor is definitely an area of interest to help keep apps more sandboxed from one another even without Flatpak or Snap yet.

Applying insecure-HTTP warnings in Epiphany by default?

Good call. :) I’ll have to check if that’s being worked on upstream or not, but it appears to be the standard for web browsers moving forward.