A friend of mine at Microsoft told me this story about his manager, who is a very smart guy but apparently doesn't have the right mindset to be writing software that doesn't have security holes. The other day my friend and his manager were in their offices (just across the corridor from each other). The manager was making a phonecall. To his bank. On speakerphone. With the door open. To verify his identity, he had to key in his social security number. This number was then repeated by the electronic voice on the other end of the line for our entire corridor to hear. D'oh. To make matters worse, he continued the entire phonecall on speakerphone (with the door open).