Re: secure their web server
It seems to me that, however strong you think your webserver security is, there will always be a chink in the armor for the bad guys to slip through.
Especially when you discover that some dormant, unused component you happen to have stored but not activated can actually be used to hack your site even if you've never so much as referenced it.
But I like the idea of a gold reference.