Security: There's incompetence, and there's major incompetence
It's one type of incompetence to keep the personal identifiers and financial data of customers on your laptop and then lose it -- twice; It's an entirely different type of incompetence that allows government data to be compromised through a network. Last year at TechEd, a demo showed how a completely patched network could be compromised using an exploit in a web site. The best part of the exploit was made possible due to turning on more functionality than was necessary. Namely, one issue in the demo was that the router configuration allowed port 80 and port 443 traffic -- despite the fact that SSL was not in use on the web site.
(continue)