Re: Don't treat users like children
Good security should NOT be as strong as the weakest link. Good security relies on multiple layers of protection so that if one layer fails there's backup layers that should prevent a major problem.
People fuck up. You may be trusted to handle the most sensitive data in the world, but there are numerous examples where someone has accidentally emailed daat to the wrong person, or any number of other leak vectors "put the wrong rule on the firewall, published to the public website instead of the internal website".
Then there's Snowdon. He was trusted having passed what is arguably the best security screening in the world (clearly it isn't). He got lots of data out.
So saying "I'm trusted so you don't need to do anything else" is clearly just stupid.