Also implying that people will do even worse than I do, and thus reduce security posture — I am exactly aware of where the security boundaries are being broken needlessly (and I am accepting this risk), but many won't be. Which this is the whole point of, right?
there's your problem
> I admit to not have bothered to restrict it too much
and there is your solution