[disclaimer, I work in cyber security] Look at Matasano.com, John Bambenek, or Kevin Mitnick; they are all famous security researchers or companies. And all of them have been very publicly hacked in the past. None of them even speak about being publicly defaced and hacked, but all you have to do is read ZF0 and boom, evidence. Matasano's website still isn't even back up, and they charge inordinate amounts to profess to be security experts. I'm sure the big bucks are still rolling in for all of them, even though they can't even keep their own houses in order. Security reputation should matter, the same way reputation should matter. If you can't trust someone's word, what can you trust from them? I'm speaking exclusively about the security industry in my comments. I personally still shop (using plastic) at TJX because their prices are very low. I wouldn't go to them for a PCI audit though, that's for sure.