Re: Security The underlying issue is always the need to answer the question: What is the threat model that you're worried about? Until there's clarity on that, all other considerations are irrelevant.
After there's clarity on that then it's a question of balancing the tradeoffs (direct costs, user impact, unintended consequences, etc.). One of the key "when do we know where to stop" criteria is the point at which for any given threat vector when does it become cheaper/easier/etc. to just go trick/bribe/bully/break-in-and-steal/etc. the information rather than trying to get it technologically -- i.e., the "rubber-hose" test. Take care, John
