Re: One Time Pads.
As with everything in security, it comes down to economics. Strong OPSEC is extremely expensive. It's expensive in resources; it's expensive in opportunity costs; it's expensive in several ways in cognitive load, from planning and threat modeling to vigilance.
Most people simply cannot devote enough resources to OPSEC to prevent targeted attacks.
People who practice strong OPSEC and good spycraft generally are not very neurotypical; they have cognitive conditions that make it easier for them to obsess about the details of security vigilance.
It's true that psychological studies suggest career criminals are particularly prone to overconfidence, which opposes strong OPSEC, and so they may be even more vulnerable than the populace in general to this sort of attack. But the reality is the vast majority of human beings are simply incapable of or unwilling to defend against attacks which target channels they value highly.