LinuxQuestions.org


Zzipo 07-20-2013 11:06 AM

How to design my system? Global system + VMs (Security/Flexibility)
 
Hello,

I didn't know if this is correct here, because it is a mix between Virtualization - Installation(Desktop) - Security.

I have read about LUKS, but I don't know if it is too early to start considering it (maybe for the future).
I want to divide the HDD in the best possible way taking care of SECURITY - PERFORMANCE - FLEXIBILITY (probably all is impossible), but I am completely new to this.
I have experienced several problems combining grsec+virtualbox, so I will need to replace virtualbox with KVM (I have seen someone make it work with grsec).
I don't know how to divide the workstation, I can differentiate four different tasks that I want to perform:
a) Free time: Reading emails (thunderbird) + surfing the Web + torrent + pdfs + latex + libreoffice + emacs
[Used everyday and 100% of the time]
b) Design: Gimp + Inkscape
[Used 1 of 15 days, but when used, for hours/days]
c) Developing: Java, PHP, Databases, CSS,... so, Apache, MySQL, Eclipse, Emacs
[Used everyday and 50-100% of the time]
d) Windows: specific apps and testing.
[Used 1 of 7 days, but when used, for hours]

So far, I am used to using archlinux with KDE + virtualbox with WindowsXP, and it is easy, but KDE is heavy and virtualbox doesn't work with grsec properly. I have recently discovered vagrant, and I don't know what would be the best approach.
I use emacs as my normal text editor for everything, and if I am going to divide in four different environments, maybe I will need to have a clone copy of emacs config in every env.

Global
---ArchLinux + grsec Kernel + iptables firewall + tomoyo
---Slim + awesome/xmonad
---KVM (shared folders for the different virtualmachines to connect globally to share resources if needed)
---Apps: thunderbird, firefox, torrents, okular (or others without KDE), latex, libreoffice, emacs?
***Q1) those apps are "heavy" and consume resources, but they are going to be used almost constantly, is it better this approach or create a different VM for them?
VirtualMachines for KVM
***Q2) Should be better to protect also every environment with a patched kernel with its own grsec?
------Design
---------ArchLinux vanilla (Security problems?)
---------Slim + awesome/xmonad
---------Apps: Gimp, Inkscape, video edition?
---------Problems: If I need other resources, surf web, edit text,... comfortable switch to global?
------Developing
---------ArchLinux vanilla (Security problems?)
---------Slim + awesome/xmonad
---------Apps: Use vagrant for different boxes for different developing environments, eclipse, emacs
---------Problems: If I need other resources, surf web, edit text,... comfortable switch to global?
------Windows
---------Win XP/7...

***Q3) I thought to use a really light global system to manage fluently all the different environments. What could be the best approach for my purpose?
***Q4) What is better considering both security ~ performance?
a) Global system with grsec + every VM with grsec
b) Global system with grsec + every VM vanilla
c) Global system vanilla + every VM with grsec
***Q5) If I want to use LUKS or truecrypt, what would be the best approach for my purposes? encryption of whole VM env?
I am not in a hurry, I accept every advice :)
Thank you in advance.

dt64 07-30-2013 10:25 AM

If it's all about security, performance and flexibility for the host machine have a read of my other post at http://www.linuxquestions.org/questi...tc-4175471441/. As a host I'd recommend CentOS latest version in a minimal install plus needed components (e.g. libvirt, iptables etc pp) since it's rock solid, stable and has good support from upstream RHEL. This may or may not host your shared drives as well.

Add VMs as you require. Depending on your needs a VM with a Linux install of your choice may be enough for your day to day needs, and if you want to keep things separate you can just install a basic VM and clone it one or more times to get multiple VMs.

If you want to use Windows guests install paravirtualized drivers for HDD, network, graphics for better performance.
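
Added example, not part of dt64's post: a check that reads a libvirt domain definition and lists the disk, network and video devices that are still fully emulated rather than paravirtualized, which is the point the reply above makes about Windows guests. The domain XML is a constructed sample, and the function name `emulated_devices` is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML for a Windows guest (sample input, not from the thread).
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>win-guest</name>
  <devices>
    <disk type='file' device='disk'>
      <target dev='hda' bus='ide'/>
    </disk>
    <disk type='file' device='disk'>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='file' device='cdrom'>
      <target dev='hdc' bus='ide'/>
    </disk>
    <interface type='network'>
      <model type='e1000'/>
    </interface>
    <video>
      <model type='qxl'/>
    </video>
  </devices>
</domain>
"""

def _attr(parent, child, name):
    """Attribute `name` of the first `child` element under `parent`, or None."""
    node = parent.find(child)
    return node.get(name) if node is not None else None

def emulated_devices(domain_xml):
    """List (kind, setting) for disks, NICs and video adapters that are not paravirtualized."""
    devices = ET.fromstring(domain_xml).find("devices")
    if devices is None:
        return []
    virtio_scsi = any(c.get("type") == "scsi" and c.get("model") == "virtio-scsi"
                      for c in devices.findall("controller"))
    findings = []
    for disk in devices.findall("disk"):
        bus = _attr(disk, "target", "bus")
        # CD-ROM and floppy drives are skipped; only hard disks are checked here.
        if disk.get("device", "disk") == "disk" and bus != "virtio" and not (bus == "scsi" and virtio_scsi):
            findings.append(("disk", f"{_attr(disk, 'target', 'dev')} bus={bus}"))
    for nic in devices.findall("interface"):
        model = _attr(nic, "model", "type")  # None means the hypervisor's default model
        if model != "virtio":
            findings.append(("network", f"model={model}"))
    for video in devices.findall("video"):
        model = _attr(video, "model", "type")
        if model not in ("qxl", "virtio"):
            findings.append(("video", f"model={model}"))
    return findings
```

The XML passed in can be the output of `virsh dumpxml` for the guest. A Windows guest needs the virtio driver installed before its boot disk is moved to the virtio bus.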

MCMLXXIII 07-30-2013 01:46 PM

In case you're unaware of it, this might be of assistance to you, at least from a potential design standpoint. It's a security by isolation setup via Xen hypervisor.

http://en.wikipedia.org/wiki/Qubes_OS
http://qubes-os.org/trac
https://groups.google.com/forum/#!forum/qubes-devel

I'm in the process of learning a bit more about QubesOS myself, so thought this was appropriate to your inquiry.

EDIT (Added new link):

Thought this article was post-worthy as it highlights the new direction and features of Qubes and their next release, QubesOS 2.

http://theinvisiblethings.blogspot.c...yssey-hal.html


All times are GMT -5.