No kidding. The only perfect security just happens to lock out all legitimate users as well. So long as some one can access the info, then some one else can find a way in as well, the more people that need to be able to access it, the more ways in there will be. It doesn't help that traditionally, security tends to be the lowest item on the list. Need to save money, most companies will skimp on security before they will skimp on janitorial. Guess they want to be sure the place looks nice for any one that breaks in. Same goes for computer systems. The order of importance seems to be, Make it look nice, Make it simple to use, Make it work, and make it secure. Sadly, it pays off to work it that way. If it looks good, people assume any problem with it is their own fault and not the program. Make it simple and most people don't realize just how few options they have and just how little they can really do with it. Make it work, well, folks expect problems and blame them selves, so we can fix the bugs later. Make it secure, but don't do anything that prevents to legitimate users from doing what they should... Good luck on that. Best example of how people react to a company making an attempt at doing the right thing and getting hammered for it is, and I /really/ hat to say this, but... Microsoft and their access controls in Vista/win7. They started to do it right and put in real security, and people went ballistic. Problem is, people didn't get pissed that it only locked the user out and let hackers through, they got pissed that it asked them before just doing things. Now, I'm not saying it couldn't be done better, it could have. But look at what people complained about, 'it's in the way', not 'it's insecure'. Right there shows why things will never be secure. People want convenience, not security, and people are the ones that pay for the work.