This is a very interesting question that Steve Riley talked about in recent post on his blog (here). And of course, a number of people have asked him if he is recommending such a stance to other individuals or to organizations. Quickly after that Steve gave more detailed explanation (here). More important is that security decisions always involve tradeoffs. They also (should) involve an intimate understanding of what the users will be doing with their computers.