I'm not offended, but y'all say you disagree with me, then go on to basically support my point. Not a problem, we just have different ways of delivering the same message I guess.

Work under the assumption that there is no real security. Then you can prepare for if/when your security really is compromised.

It's like why I carry a concealed weapon. Chances are I will never have to use it to defend myself. Odds are that my lifestyle will preclude me from those sort of confrontations. I don't hide in my house to avoid crime, but I plan and take reasonable precautions because it is always a possibility. I take the same view about using the internet for anything. I still do business on the internet, including accessing public Wi-Fi connections and using mobile devices. I assume I have been/will be hacked somewhere along the line, so like y'all, I've taken steps to insure that no real damage could be done. Since I am not as tech-savvy as others, my methods for mitigation are to control the source more than the method. Hackers probably won't have a hard time accessing my info, but it also won't benefit them much either if they do. Seems like the easier route for me. YMMV.

We may not agree on the approach, but the objectives are similar. Making it not worth the bad guy's effort to come after us is good strategy.