Well I made it sound more complicated than it really is, I think. I agree it's kind of primitive but it would:
1. Severely curtail the amount of data available to be hacked
2. Make it very much harder to get at the central data repository
3. Cut down on damage if a user did click on something unfortunate
4. Be pretty simple.
...of course the whole plan is blown to bits if a user wants to use -say- Office 365; but if you're using that then you effectively don't have secrets anyway. So it would require a willingness on the part of the users to use simpler and more primitive software (which may be a whole new level of unrealistic right there). The basic point is that nothing is executed on the central data repository... treat data like freight in the one place (plus backups) it's all together. The other basic point is that -at the cost of inconvenience to users- you are limiting dependence on 3rd parties as far as is humanly possible.
Anyway, it was a theoretical first draft in a moiety-friendly world where you could tell users "this is the way it's going to be for these reasons" and people would actually listen. And beancounters would appreciate that a few quid upfront and higher running costs is preferable to getting the company ransacked later, even if they are 3 days from retirement. And unicorns frolic in the mist and people buy me beer all the time because they like the cut of my jib.