grsecurity forums

For security reasons does it matter if a default non-hardened distro kernel is left installed on the system? Should it be removed?

Does using ccache interfere with RANDSTRUCT output for subsequent builds - causing it to be the same?

You have to decide what you need for security. Personally I don't keep a non-grsec kernel around and even don't have an older kernel than one or two releases back (a "known good" one in case there is some kind of regression).
This is mainly done because otherwise an attacker with physical access could downgrade to a vulnerable (or a non-grsec) kernel.
Generally speaking you should ask yourself what kind of threats you want/need to defend against and create your own formal or informal security policy based on that information.