Re: The underlying point is deeper
First of all starting a comment with "You are a fucking idiot" automatically weakens your point as it means that you obviously haven't thought about the issue. Otherwise you wouldn't use that kind of language.
Then look at the facts. We are already doing a very decent job at securing servers. Particularly since servers are at secure locations and run operating systems designed to do their job, we can trust them way more than any mobile device.
For a server operating system "vendor" security is one of the prime concerns, for a mobile operating system vendor it's largely irrelevant.
So securing the operating system on the server is _much_ easier than securing the system on the client. Plus since you control the update process on your server, and typically you download everything from a rather transparent 3rd party server, it's much harder to push special updates to you.
Securing a simple "terminal" operating system is also much simpler than securing a mobile telephone. You can, for example, start by using network ACLs, raising the complexity of any attack. Then you can have an additional layer of encryption with a pre-shared key. Since you are only dealing with one server (ideally your own) you can greatly lower the risk of anybody messing with your protocol as the actual cryptographic protocol will only see garbage. You don't need a full operating system for that, so your attack surface becomes minimal.
Bandwidth is not really the issue here as most websites are now so badly made, screen shots of them are smaller than the actual website.... often by a factor of a hundred or more.
In any case, trusting your "smart phone" also means trusting the cloud service it syncs to or talks to. And that's run on servers, lots of servers. You already need to worry about several different operating systems... most of which you have _absolutely_ no control over.
Biting the hand that feeds IT
