rule 23

(exception to previous rule) When it comes to security, do it right or not at all. Something that has the appearance of security, but is severely flawed (e.g. HTTPS using SSLv3), can be worse than something that is explicitly not secure (HTTP). Enable and encourage decisions (for users, mgmt and colleagues) based on reality, not appearances.