Point 3 : Minimize the use of forms authentication. Can you be a more elaborate on why? As forms authentication is one of most common way to authenticate on the way.
I understand this is a tip section, but if there are any ambiguities, it will be good for all to clear that up.
I agree with most of these points, but should point out that this is one branch of development (ie., some of these don't apply for an MVC+jQuery user). Also, "Set debug=false in web.config" is absolutely terrible for development (but it is critical for deployment!). Great tips. Cheers