Not as secure as one would think. More and more malcode recognizes or can circumvent VM.
Malware with a network component will propagate wherever it was set out to go despite the VM environment.
Separate kernel VM is difficult to be realized as there may be many instructions on a particular platform that cannot be virtualized.
The host machine's protection is a vital part of the VM's security.
Malware analysis via a VM could be better done on a separate lab settings machine.
Otherwise it is not unthinkable that when found out your ISP could put you "behind some wall".
For enhancing browser security using a VM in combination with script blocking is a good advice under all circumstances.
polonus