Security Myths

I watched a Webcast yesterday by Jesper Johansson and Steve Riley on security myths. They haven’t posted the on demand version yet, if they do it should be available here. If not you can get some of the same material via their articles from March and April.
Article Part 1
Part 2
The Myths:
1. Security guides make your system secure
2. If we hide, the bad guys wont find us.
3. The more tweaks the better
4. All environments should follow the advice in
5. High security is an end goal for all environments
6. Security tweaks can fix physical security problems
7. The lemming security model: Always follow expert recommendations.
8. We need to audit everything
9. Password cracking is our biggest problem
10. Security Tweaks will stop worms and viruses
11. Technology can fix user problems
12. Friends will always be by your side
13. Encrypted attack traffic is better than clear text attack traffic.