My favorite new feature is the revamped FileVault. The old version of FV was a huge mess: it only encrypted your home directory, it didn't play nice with TimeMachine (since it saw your home directory as one giant encrypted file) and was generally a nuisance.
Lion's FileVault is full-disk encryption and operates at the file-system level. This means that every program sees your encrypted file system as just ordinary files, while HFS+ is transparently encrypting and decrypting on every read and write from the hardware. This makes full disk encryption so simple and problem-free that I recommend everybody turn it on, immediately.
Agreed, this is my favorite too. And, after you encrypt your primary drive, you can either leave your Time Machine drive alone (which seems silly, but it's an option now, whereas before using FileVault created an encrypted disk image, which meant Time Machine could no longer backup changes-only, defeating the purpose of TM), or you can go into TM settings and encrypt your TM drive too.
You can also encrypt secondary disks on the command line. It all runs silently in the background until encryption is done.
Lion's FileVault is full-disk encryption and operates at the file-system level. This means that every program sees your encrypted file system as just ordinary files, while HFS+ is transparently encrypting and decrypting on every read and write from the hardware. This makes full disk encryption so simple and problem-free that I recommend everybody turn it on, immediately.
Ars has more information on how this all works (http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.a...).