Right. On the other hand, a Bash script has a low barrier to entry, it's handy not to have to install certificates on the client, and the highest possible security is not always top priority (if, for example, you're just trying to evade your government's illiberal bulk domain/IP address collection policies). Swings and roundabouts, I'd say.