Excellent thread, thank you.
The mere concept of hardening a network was daunting enough for non-IT people, way back when basic man-in-the-middle attacks were introduced into public discourse. This pervasive, collective, fear-based avoidance continues to drive many pedestrian users to dismiss such far-reaching risks as matters only relevant to IT/InfoSec professionals. Deliberate ignorance is always the biggest liability, isn't it?