> I think that there are times when these kind of draconian measures are > needed. You mention that your project started out with those requirements. > I and the rest don't see that need in this case.
Yep, this is the big disagreement. And although not necessary, I do feel it is a good idea in a ubiquitous security framework. It doesn't hurt anything, doesn't add any significant complexity and only helps out a certain amount of end-users. That's a *good thing* in my eyes.
