This image/comment is worth keeping in mind.
And before we think we are all immune, I could identify multiple University situations in both physical and computing security that show the same level of security logic. I think it best I do not, probably related to my constitutional right to avoid self-incrimination.
Which reminds me of an important system administrator philosophy we all should hold.
“Ask not why your customers [users,peers,employees,etc.] do what they do, but what you screwed up that led them to do that”
I just don’t understand why my peer system admins don’t do that more :-p