Security has been completely overhauled and refactored for Win7. For example, let’s say in XP that you want to open the clock to watch the seconds tick to time something. That requires higher privileges because the same panel that shows the clock also allows you to set the time. Now showing the clock and setting time are split permissions-wise. This has been done in hundreds of places throughout Win7.
So before where you needed to run as admin to get anything done, you can now easily run as a regular user. That right there gives you much better security. It also vastly reduces the annoying security popups, meaning you are less likely to turn off that feature (Win7 also adds registry virtualization to further reduce it for legacy apps).
Furthermore, they refactored the code itself, making sure everything is relatively cleanly dependent on something lower down, where before it was a spiderweb of dependencies, down, sideways and up, and that hurts security. That directly impacts the security, and a cleaner, saner dependency model makes for better security.
Now that’s just basic architecture changes that make it more secure, not any specific technologies they used to do it, like address space layout randomization.