
When I worked at IBM as a mainframe programmer in the 90's, the first lesson we were taught is, "There is no such thing as computer security, only the appearance of computer security. Usually, that is enough."

This is true at the processor level because any "security" relies on the outcome of a single branch instruction in machine code. If all your security passed, we branch to the "let me in" code. If not, not. No matter how complicated your security is, it will all come down to a single branch instruction, and a programmer who can affect the outcome of that branch will bypass any restrictions you put in place.

This is a fundamental truism of computer science, and the software we worked on at IBM did things like run ATMs. When was the last time you heard of someone hacking one of those to spit out bills? Usually, the appearance of computer security is enough.



That's true. Plus the question of how much security you actually need. I've interacted with many, many websites and apps that were horribly insecure (e.g. a hotel check-in tool that stored passport scans in a public Firebase bucket...).

In the vast majority of cases, this doesn't actually matter (the passport thing of course is pretty bad). If someone found a vulnerability in a vibe-coded event calendar and hacked into it to change the timing of trivia at your local sports bar... who cares?

It's like home security. If you're not rich, famous or extremely unpopular, you should definitely lock your doors, but you probably don't need armed guards.



