I've been a Hardened Gentoo user for a while. I don't use the full set with SELinux/GrSecurity, Prelude, and whatever else they like to throw at people, but instead use a few basic things like a security-hardened gcc that produces PIE binaries with stack smash protection (paper).
It may come as a surprise to you, but these weren't terribly painful for me to get on my system. I won't say that the Hardened team didn't do their fair share of work; they did enough mapping out which packages break from what, trying to fix obscure bugs they find because of this breakage, and just in general trying to make this stuff work in the first place. Once it's known how to do it, however, it's fairly simple to keep up.
It may also surprise you that I find these suitable for widespread use on "user-friendly" distributions. These particular technologies also don't generate any extra administration duties once in place. No extra passwords are needed, no added steps in installing programs need to be taken. If a distribution supplies these things, then the user doesn't even have to think about them.
After using some transparent security features, I became quite attached to PaX (Wikipedia) and SSP. I even produced an article for LWN.net about them. This prompted no action, but was still fun to do.
After a while, I took a look at Ubuntu Linux and read through their Security Notices to produce a simple analysis of the potential impact of PaX and SSP. In the end it seems like 40-60% of notices contain potential intrusions which can be reduced to DoS attacks, which, although annoying, do not open the path for local attacks or worm spreading.
Based on the above analysis, I also found there to be facilities to help programmers easily close off another 20% of local attacks. These are related to the creation of temporary files and directories, which makes potential bugs easily recognizable in source code audits. The supplied facilities do in at most two lines of code what normally takes a handful of code, and so are easier for programmers to use than the other, less secure methods.
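The post does not name the facilities; assuming it means POSIX `mkstemp()`, the following added example (not code from the original post) puts the by-hand version next to the two-line one and checks that both yield a private file whose name cannot be claimed a second time. The `/tmp/demo-` prefix and all function names are made up for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* By hand: random name + O_CREAT|O_EXCL, so an existing file or symlink makes open() fail. */
int manual_tmpfile(char *path, size_t len)
{
    unsigned long r;
    int fd = -1, rnd = open("/dev/urandom", O_RDONLY);
    for (int i = 0; rnd >= 0 && fd < 0 && i < 100; i++) {
        if (read(rnd, &r, sizeof r) != (ssize_t)sizeof r) break;
        snprintf(path, len, "/tmp/demo-%lx", r);
        fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd < 0 && errno != EEXIST) break;   /* retry only on a name collision */
    }
    if (rnd >= 0) close(rnd);
    return fd;
}

/* Two lines: mkstemp() fills in XXXXXX and opens the file exclusively with mode 0600. */
int library_tmpfile(char *path, size_t len)
{
    snprintf(path, len, "/tmp/demo-XXXXXX");
    return mkstemp(path);
}

/* Returns 1 if `make` yields a 0600 regular file we own whose name cannot be re-created. */
int check_tmpfile(int (*make)(char *, size_t))
{
    char path[64];
    struct stat st;
    int fd = make(path, sizeof path);
    if (fd < 0 || fstat(fd, &st) != 0) return 0;
    int again = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);  /* must fail: EEXIST */
    int ok = S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600 &&
             st.st_uid == geteuid() && again < 0 && errno == EEXIST;
    if (again >= 0) close(again);
    close(fd);
    unlink(path);
    return ok;
}

int main(void)
{
    printf("manual: %d library: %d\n", check_tmpfile(manual_tmpfile), check_tmpfile(library_tmpfile));
    return 0;
}
```

In an audit, any temporary-file creation that is neither the library call nor an `O_CREAT | O_EXCL` open stands out as a candidate bug; `mkdtemp()` plays the same role for directories.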
Any distribution could easily deploy these things in a sane manner. It would be work, but not difficult work, although perhaps tedious to start up. Maintaining the changes would take very minimal effort. I believe this is the direction Linux distributions will follow, the direction they should follow.