Not only that -- security is not 0/1, all or nothing. It is possible
to be more or less secure; building a security system -- like a
firewall -- that has only the two states of "wide open" and "absolutely
impenetrable" is a bad idea.
Security is about risk management -- see Schneier's book "Secrets and