My first job out of graduate school was working at Trusted Information Systems, where I met some of the top people in the information security field. I briefly shared an office with cryptography guru Carl Ellison; I came across a great little story on his web site today:
I had this great bicycle, once. I kept it in the walkway under my rowhouse in the Federal Hill neighborhood of Baltimore, locked behind a solid wooden gate. To protect it, I went out and bought a hefty padlock. The lock cost a fair amount, but my peace of mind was worth it...
Eventually I found the padlock, above, discarded in the empty field across from my house. We never recovered the bicycle, of course. The lock itself wasn't attacked at all, as you can see. I have never bothered to open it. I found it exactly as it is pictured and I intend to keep it that way.
There is a lesson here for security architects who [don't consider] the computer, operating system, protocol, human interface or physical environment of the application...