Linux 6.10's Hardening Configuration Now Enables KCFI & Other Features

  • Linux 6.10's Hardening Configuration Now Enables KCFI & Other Features

    Phoronix: Linux 6.10's Hardening Configuration Now Enables KCFI & Other Features

    Introduced last year with the Linux 6.7 kernel was a hardening configuration to allow for "make hardening.config" as an easy way of building a security-hardened Linux kernel with sane defaults. With Linux 6.10 there are some additional security minded features now enabled...


  • #2
    I would like to see LD_PRELOAD disabled.

    Since PDF is a common attack vector I would like to see distributions use sandboxing for PDF readers and email clients.



    • #3
      Originally posted by uid313
      I would like to see LD_PRELOAD disabled.
      Since PDF is a common attack vector I would like to see distributions use sandboxing for PDF readers and email clients.
      I do agree that LD_PRELOAD is an invitation to do nasty things ... but that PDFs are a main problem ...
      and especially that sandboxing really helps in that case is absolutely not my understanding - even
      real virtualization is not secure at all.
      Sandboxing is just an excuse to do silly things (concerning desktop - it may be of some limited use
      on toy devices like smartphones, tablets etc.).

      Hardening is something for servers, i.e. in the best case one application and everything is tailored
      to secure that service.

      But a desktop with all its possibilities cannot be hardened in a reasonable way.

      And when looking into security breaches, social engineering is typically an important factor.
      Another is laziness or convenience of users and in rare cases administrators.
      Those two spoil any notion of security - and is experienced extremely often right now.



      • #4
        Originally posted by uid313
        I would like to see LD_PRELOAD disabled.

        Since PDF is a common attack vector I would like to see distributions use sandboxing for PDF readers and email clients.
        They are not Linux kernel features. This article talks about Linux kernel hardening.



        • #5
          I saw KCFI, and my first thought was Kentucky Fried Chicken! (I know, that reverses the letter order, but explain that to my unconscious!)



          • #6
            Originally posted by Eumaios
            I saw KCFI, and my first thought was Kentucky Fried Chicken! (I know, that reverses the letter order, but explain that to my unconscious!)
            And I read that as "Kernel Certified Flight Instructor".
