I was once told (by a ticket agent) that I would not be allowed to take a 50-foot rope on board an aircraft. What would a terrorist do with a 50-foot rope? Cut it into 5-foot lengths (with a knife I don't have) and strangle 10 passengers without anyone noticing?
The problem is that designing security into a system, like a lot of other things, is something that should be done by trained experts but is often done by people who think it looks easy, but don't really know what they're doing.
In the case of the TSA, it seems obvious to me (as a trained expert - I hold a CISSP from the ISC2 organisation, and a CPP from the American Society of Industrial Security, among other designations) that nobody did a formal Threat Risk Assessment to figure out the most cost-effective (or even an effective) way of securing the system. They simply put together a committee to list all the things that they thought might possibly be used as weapons, and ignored far more effective (and less costly) security solutions. Okay they also put Air Marshals on selected flights (which I consider an incredible waste of money) and they may have done some other things we're unaware of, but in general I find the whole TSA security model amateurish and completely ineffective. (The ad hoc security provided by the passengers is the only real security being provided on US and Canadian airlines, IMO.) Admittedly, I don't work for the airlines or the TSA and so I don't have the whole story, but I believe I could easily bypass the official security measures. In fact, I've already done so by accident - I took a Leatherman Juice on board an airplane because I forgot I had it in my raincoat pocket. Nobody stopped me, because nobody at security spotted it.
_________________________
"The mind is not a vessel to be filled but a fire to be kindled."
-Plutarch