Re: why, why, why... what is the point?
Why should we *not* secure websites?
Because it's a terrible waste of resources. It burns CPU cycles, bloats network messages, and interferes with some forms of caching and compression (e.g. by transparent gateways). Because it's a stupid attempt at security-by-fiat which imposes the same threat model on every use. It's cargo-cult programming.