To access Thunderbird's Options dialog and modify its settings, go to Tools > Options, click the desired topic and select the appropriate tab, as applicable.
The first option, enabled by default, is Block loading of remote images in mail messages; you should leave it checked, unless your email address is only used in an internal network.
Images, among other embeds (or "linked content"), can be used by spammers to determine if an email address is active or not. An email address that appears inactive is much less likely to be used and re-distributed. (The potentially harmful effect of linked content is explained in the spam & junk mail tutorial.)
An easy way to avoid receiving (more) spam is to use a "junk" email address to sign up for unimportant things, and keep your "real" email address for more serious stuff (like the contact email for banking, credit cards, your school, …). If your email address is listed anywhere on the Internet, spammers will find it.
The Allow images if the sender is in my [blank] address book checkbox might safely be checked: it mainly depends on whom you reply to.
The last option is Block JavaScript in mail messages: you should always leave this option checked. While most modern email clients are safe within limits, someone will always come up with a way to exploit an undocumented vulnerability. With JS scripts automatically turned off, you greatly reduce your exposure to such exploits.
JavaScript is a web scripting language originally developed in the early nineties by Netscape Communications, maker of the Netscape Navigator browser. JScript (by Microsoft) and ECMAScript (ECMA-standardized version of core JavaScript) are basically the same thing.
JavaScript (the all-encompassing denomination) is a programming language interpreted by web browsers, which allows interactivity to be added to the online experience.
Google Maps and Live.com are examples of the kind of interactivity JavaScript can bring to a web application. (To be precise, both of these apps are created with AJAX, a set of technologies in which JavaScript plays a major role.)
Bottom line: web scripting is a great thing, but enabling it in emails is asking for trouble.
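To make the remote-image and JavaScript options above concrete, here is an added example (not part of the original tutorial and not Thunderbird's own code) that lists what an HTML message would fetch from the network or try to run when displayed. The sample message, addresses and hostnames are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make a mail client fetch a resource when the message is shown.
FETCH_ATTRS = {"src", "background", "poster"}

# Constructed sample message: one embedded (cid:) image, one remote 1x1 image,
# one event handler and one <script> element.
SAMPLE = b"""From: Newsletter <news@example.com>
To: reader@example.org
Subject: Constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body onload="init()">
<img src="cid:logo@example.com" alt="logo">
<img src="https://tracker.example.net/open.gif?id=reader%40example.org" width="1" height="1">
<script>document.title = "x";</script>
</body></html>
"""

class LinkedContentAudit(HTMLParser):
    """Collects remote fetches and script content from one HTML body."""
    def __init__(self):
        super().__init__()
        self.remote = []   # (tag, url) pairs that would be loaded over the network
        self.scripts = []  # <script> elements and on* event handler attributes

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append("<script>")
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):
                self.scripts.append(f"{tag}[{name}]")
            elif name in FETCH_ATTRS or (tag == "link" and name == "href"):
                # cid: and data: references stay inside the message; http(s) does not.
                if urlparse(value).scheme in ("http", "https") or value.startswith("//"):
                    self.remote.append((tag, value))

def audit_message(raw_bytes):
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    audit = LinkedContentAudit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_content())
    audit.close()
    return audit.remote, audit.scripts
```

The remote image URL in the sample carries the recipient's address in its query string, which is how a single image request can confirm that an address is active; the `cid:` image is attached to the message itself and is not reported.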
Thunderbird can try to detect if some incoming emails are scams. The methods it uses are not explained, but they are likely to include things like a mismatch between the mail server used and the mail domain the email comes from.
Thunderbird does not delete emails it perceives as scams; it merely warns you of the possibility. You should leave this option enabled.
Typically, your anti-virus (AV) software will analyze data as it comes in from the Internet. When you launch Thunderbird, it will check the mail server for new emails. If found, new emails are downloaded. This is where -if your antivirus supports it- emails are scanned for viruses.
By checking the Allow anti-virus clients to quarantine individual incoming messages checkbox, you tell Thunderbird to authorize your anti-virus software to store emails in which it found a virus separately. Typically, your anti-virus software should let you decide what to do with quarantined emails.
This option was added in Thunderbird 1.5, after incidents of entire inboxes being deleted by anti-virus software. With this option enabled, Thunderbird stores emails being downloaded from the mail server in temporary, individual, email files.
The MozillaZine Knowledgebase has an article dedicated to Thunderbird and anti-virus software interactions, and has compiled a (partial) list of anti-virus software packages that are known to have compatibility issues with Thunderbird.
Thunderbird and Antivirus Software
Thunderbird can optionally remember passwords for all your email accounts. This is a handy feature of which most of us will gladly take advantage. The alternative is to supply passwords manually each time Thunderbird needs them.
Especially if you use Thunderbird in a public environment, like surrounded by colleagues with a dubious sense of humor, be sure to take advantage of Thunderbird's Master Password feature.
Additionally, Thunderbird's Change Master Password dialog has a Password quality meter progress bar. To reach Thunderbird's top grade for your password, it will need to contain letters, numbers, plus a combination of !@%$#-type characters.
After a master password has been set, you will not be able to view existing passwords in plain text unless you supply the master password. Moreover, the master password is used to encrypt (or "scramble") the file in which Thunderbird stores that information.
Obviously, Thunderbird will ask you to supply the Master Password before you can disable it by clicking the Remove Master Password button. (The same applies if you try to change the Master Password.)
To see the passwords Thunderbird has saved, click the View Saved Passwords button. The Password Manager window will open.
There are two tabs: Passwords Saved and Password Never Saved; between the two tabs, you should see references to all email accounts that were ever created or imported into Thunderbird. Since the Password Manager has a Show Passwords button, you want to make sure that you do not leave any unnecessary email account information.
To delete references to these email accounts, and related passwords, click the Remove or Remove All buttons.
Thunderbird will not ask for a confirmation before deleting an email account after you click the Remove button, even if you end up clicking the Cancel button afterwards. Make sure you select the right account!
Handling of security, certificates and secure emails in Thunderbird will come in a later tutorial, in which we will revisit the Security tab of Thunderbird's Privacy options.