> Isn't that a bit of an overkill for a starter system??

Not really. If you start with a fairly buttoned-up system, you know exactly what holes you open because you do it deliberately (and it's completely your fault if you screw it up). What Tom's described is a pretty tight system, and it's not a bad default if you have few or no CMS users.
The question we're really answering in this discussion: In this day and age, is there really any reason/excuse to ship a system in a state that is known to be insecure? I'd argue that the answer now is "no". We used to say "start with a simple system, and make it secure". What this discussion seems to be proposing is "let's start with a secure system, and open things as necessary". Seems like a Good Thing (tm) to me.