Great article. As a webdev at Yahoo, I can speak from experience that these rules definitely can make a huge impact on our performance; also, depending on what site you happen to be working on, a rule might be more or less relevant. For example, if you are expecting 1-2 page views per session, then externalizing your CSS and JS might not be worth the extra HTTP requests, even to a CDN. If you get 10-20, then it's a huge win, and you should absolutely lean on the browser cache heavily. Others, such as concatenating and minifying scripts and CSS, are almost always beneficial. You're right to point out that there's no substitute for a thinking developer.
As a huge web company, we have a lot of different kinds of sites, and they have different requirements. YSlow is not intended to be anything but a lint checker that summarizes our Exceptional Performance Team's findings. And it is very useful in that regard. It was an internal tool back before it was a Firebug plugin, and I believe it was only recently shared with the public.
The tool doesn't include a configuration screen, but if you enter about:config into the address bar, and then filter for "yslow", you can adjust the weights that are assigned to each rule. Handy when you know that the tool is wrong about your particular situation.
I agree that using a CDN is overkill for all but the largest websites, and shouldn't really be on Yahoo's yslow.
This speaks to the title of this post, but, on a high-volume website, not using a CDN for static content is a recipe for disaster. Serving static content from a good CDN can be much faster, since they're optimized for speed and cacheability rather than hosting an application. When you multiply the number of requests by 3 (html, css, js), you can bring down a bank of servers in the first few million impressions. (Of course, I'll probably have grandkids before my little podunk blog gets a million impressions, so what matters for Yahoo might not matter for you.) Since Yahoo routinely plugs its own content on The Most Trafficked Site On The Web, we have to build pages that can scale to support massive spikes in traffic. I've seen a 2% click-through rate from the home page cause servers to die and flop around with rigor mortis. It's a MASSIVE firehose of traffic that we deal with.
In typical "open-source good guys who know where their bread is buttered" fashion, Yahoo is simply sharing what we do to optimize pages in situations where optimization counts. They want the internet to be faster. A faster internet means more people will use it more of the time, and that means more people using Yahoo.
Btw, 43.5 KB of CSS embedded in a GZipped HTML document is only about 14.5 KB on the wire. It's absolutely worthwhile for the homepage to embed this information in an inline style tag.
The comment about maintainability only highlights the need for a good build process. Develop with many files, and then concatenate and minify them all as part of the build-and-deploy process.