xCode Security

The only thing I see in the referenced image is that quicklook wasn't able to make a thumbnail of the file (which is most likely the reason for the log entry). This would have been something you initiated, such as the preview used in Finder's column view.

For the most part, no one will be able to access your machine without you starting the communication in the first place. A good example of this is your web browser - once you contact any particular page, several ports are opened up to deal with the traffic (that you requested) from your machine to the server, not just from the server to your machine.

Correct - a web browser sends and recieves al kinds of stuff, including cookies, although cookies can't send anything by themselves. Other items depend on exactly what is downloaded and what kind of access it has (this is why it is recommended to use a standard account instead of an administrative one). Normally you would need to authorize the installation of an application, otherwise malware tries to take advantage of some flaw in an underlying framework.

For the most part, you will be fine using a normal approach to security (e.g. using a router, running from a standard account, not clicking on mysterious links, not installing plug-ins or applications unless you know what they are and where they are coming from, etc), although it doesn't hurt to understand the reasoning for doing these kinds of things.

Unless you have some reason to suspect that your system has been compromised, I wouldn't worry about it too much. Lots of people run from an administrative account without any problems; using a standard account is just another way to limit any damage that malware or a rogue/runaway application can cause.

There are literally hundreds of thousands of files in the system, so going through every one is unrealistic. The system files are owned by root, and although most are readable by everyone, they can't be altered without you giving permission - this is one of the main reasons for only downloading and/or installing items from known and trusted sources.

The main thing is to just be aware.

Cookies don't read anything, they are put there for whoever to read. I keep a few site cookies around if they serve a purpose, but delete everything else at the end of the day since Safari still doesn't have decent (well, any) cookie management.

The only way to really be sure your system is not compromised is to reinstall your OS. I'm not overly paranoid (why do you ask?), but with a fresh install, I use an administrative account to create a standard one for every day normal use, then set up the application firewall and install Little Snitch (it is interesting to see what tries to go out) - I use a business class router (without the default password or remote management enabled) that takes care of outside stuff like stealth, DoS, P2P, etc. From there, it is just basic awareness, decent passwords, being careful what gets installed, etc.

Just about all of the malware out there either jiggles the handle to see if the door is unlocked, or tries to convince you that their product is the only thing that will keep the rampaging hordes at bay, so with the proper tools and awareness it is fairly easy to spot things that don't sound right. I didn't know I had that many uncles in Nigeria though...

In that one, it looks like you were trying to execute the file - it is just a configuration file and therefore doesn't have execute privileges.