Not only that -- security is not 0/1, all or nothing. It is possible
to be more or less secure; building a security system -- like a
firewall -- that has only the two states of "wide open" and "absolutely
impenetrable" is a bad idea.
Security is about risk management -- see Schneier's book "Secrets and
Lies".
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)