Agreed.
What he's proposing is simply to ignore the rule No 1 of network security: never trust anyone, specially you users.
This reminds me of a place I worked where one of the computers kept getting infected with a virus, even when their files were on regularly scanned network storage. After some time I found out that everytime I cleared the virus (which could not be repaired by my AV, so I had to delete the file) someone that used that computer restored the infected file from a floppy disk, which they never bothered to scan!
The more you argue your case the worse your chance to -really- win the argument, convince the other side. More often they will admit defeat to get you off their neck and keep believing their falsehood even stronger.
Sounds to me like religion.
To do nothing is to be nothing.