Situating SBS on the edge of the small business network has always been a controversial topic. A network in a box for small companies has to include some kind of firewall doesn't it? So through the years it was RRAS, Proxy 2.0, ISA 2000 and ISA 2004. With word out that SBS will no longer be supported on the edge that means that ISA on that box and RRAS are both out of the picture. Considering that most SBS servers are currently protected by RRAS that's significant.
Having worked in the small business market for a number of years I can tell you with certainty that this will leave the vast majority of SBS customers with networks protected by their DSL router. A DSL router just isn't sufficient to protect against today's application targeted attacks. Neither is it sophisticated enough to serve the publishing needs of Exchange 2007 without leaving gaping holes to exploit.
Microsoft knows best how to protect Microsoft software. SBS is jammed packed with Microsoft software as are most small business desktops. What then will be the official "best practice" recommended by Microsoft to protect their software that these customers are so dependant upon?