The National Security Agency (NSA) offers "Hardening Tips for Mac OS X 10.6 'Snow Leopard,' a tri-fold security brochure for the agency's Information Assurance Mission. It's packed with useful tips.
While taking aim at Snow Leopard, most of the tips can apply to plain old Leopard as well as Lion. Some are simple and practical but would require a security-conscious workflow.
For example, the guide suggests creating a user account specifically for surfing and reading e-mail. Many single-user machines read mail and surf in the primary account, which is likely the Admin Account for the machine.
There's also a list of LaunchDaemon and LaunchAgent services that may, or may not, be necessary for every user in an organization and certainly not in many buttoned-down federal shops. If you're not using a VPN, maybe shuting it down could be an idea.
The difference between the government shop and the rest of us can be seen in the section on Bluetooth and Airport security.
The best way to disable Bluetooth hardware is to have an Apple- certified technician remove it. If this is not possible, disable it at the software level by removing the following files from /System/Library/Extensions:
The best way to disable AirPort is to have the AirPort card physically removed from the system. If this is not possible, disable it at the software level by removing the following file from /System/Library/Extensions:
If the service and hardware offends you, take it out!