The laptop had a serious hardware defect involved with the hard drive in the way it forced it to stop as much as humanly possible to extend the battery life. While this accomplished the idea, it shorten the lifespan of most HDDs I put in it severely (remember all those "HDD died again" stuff I posted awhile back).
It could be gotten around with an SSD though but I lost the mounting bracket so the HDD would always be loose (not good). Even then it had a really bad implementation of NVIDIA graphics (Hybrid Graphics which is the generation before Optimus and definitely before the point NVIDIA and manufactures got it right) which in Linux you must have the GPU powered on all the time to utilize all it's might. This shortened the battery life down to laughable levels (no more than 1h 45m).
Linux did help breathe some more power into it but came at a cost of inefficient power usage. The monitor portion of the lid broke off so it's no more than a low profile PC that must be attached to an external monitor. Although it still works, it's retired and been replaced by the MSI GS70 and Surface Pro 2 systems.
This was only done on an old laptop that barely functions and with only one game now so take it with a grain of salt:
I did put Fedora Core v15 long ago on it to see what it was like and when I managed to force StarCraft 2 under Wine on it, I found that the average and minimal framerates for it were higher than in Windows.
Here's the specs on that laptop (it was bad but did what I needed it to do for course work): Link
I think that a good chunk of those vulnerabilities may be way less than what is commonly considered. When most people think vulnerability they usually jump to remote code execution. Those represent the most severe. I would think that things like triggering an authentication prompt (UAC in Windows) when it should not be allowed to is considered a vulnerability (a much more minor one).