Re: I don't understand the "false security" argument ...
But the attack surface has grown to the point that ANY public web page can be an attack vector. That's how Drive-By Attacks work. It's like animal fighters picking any house with the door unlocked to hold their fights. It's just not safe to leave the door unlocked anymore because it can become a big problem at any time. IOW, it's reached the point that a certain level of security is ALWAYS necessary.
PS. To the guy who's worried about their family pictures being picked off the wire, how about your website being co-opted into a botnet or DDoS node instead?
Biting the hand that feeds IT
