The trouble when developing, though, is that while we can decide if our site needs to be super secure, such as if it’s for a bank, we have limited to no ability to predict, and really no ability to control, whether our users will be using a less than secure Internet connection, or on a computer available to others. Unless we’re developing for an extremely closed internal web application. Ergo, we have to draw a line somewhere and say “here are the rules for how we develop” and I assume that, when in doubt, they should cater more towards the security minded rather than the convenience minded. But maybe that preference is where people are divided?
1 Like