I myself got in on that Kinect ToysRUs.com deal. I was quite happy to have been informed of it.
I haven't seen Kinect advertised as requiring Xbox LIVE, so I strongly doubt Microsoft will make that a requirement.
Backups won't be prevented by the new dash. I think it'd be incredibly hard, if not impossible, to stop modified firmware on a dime like that. However, there is a question as to the purpose of fcrt.bin and how it will affect users of modified firmware on Xbox LIVE. The final verdict is yet to have been given down, but speculation suggests that there are function calls Microsoft can implement to read out specific sections of code within the DVD-ROMs. Given that these sections of code are known, Microsoft can check the data read out for modifications and ban from LIVE those consoles which don't check against the database.
As for the "new vulnerabilities": adding a new peripheral will not introduce new significant system vulnerabilities--at least the kind we've seen before. Keep in mind that the Xbox 360 has only had 1 significant vulnerability that compromised system security. It has been exploited in different ways, but at the core it's the same security hole. That hole is now patched. So don't get your hopes up.