But that is the case with any security project. You cannot keep the stupid from doing stupid things and they're the weakest link. Only by removing THEM do you remove the threats to any security system.
If your private keys are compromised, would you keep using them? Some in this world think it would be acceptable simply because the cost of replacement ($25-150 for a new certificate). Eventually the PHB's take over a perfectly working project and cause it to be declared insecure.