A lot of unwarranted concern here IMO. This is only an issue if you enable Remote Desktop, which is already known to be ridiculously insecure. It's disabled by default, so don't worry, if you've never used it you're not at risk.
Cite? Have a good long password, and SSL with a proper certificate from a CA
, and login rights only for users other than Administrator, and it works fine. The vuln above is something to worry about, but an exploit has not yet been developed and a patch is already available.
Sure, it doesn't offer certificate based auth like SSH does, but you can use smart cards if you aren't good at making a secure password. Add a VPN on top if you are really paranoid, and change the port for good measure.
I don't personally know of any specific exploits other than as long as the user does all that you mention, but the fact that it's closed-source increases the likelihood by quite a bit, and I generally would avoid trusting for-profit closed-source programs on general principle.
Your point is fair, though. My sentence was rather misleading, in and of that RDP isn't, except for this exploit and being closed-source, necessarily less secure that other protocols. I stand corrected. I'm just a little skeptical of the doomsayers.