But nobody really wants to understand anything. They want a turnkey solution. An intro to threat modeling is good. But it’s lost on deaf ears. The weakest link in compsec will always be the person using the device.
"It is a profoundly erroneous truism, repeated by all copy-books and by eminent people when they are making speeches, that we should cultivate the habit of thinking of what we are doing. The precise opposite is the case. Civilization advances by extending the number of important operations which we can perform without thinking about them. Operations of thought are like cavalry charges in a battle — they are strictly limited in number, they require fresh horses, and must only be made at decisive moments." - Alfred North Whitehead
I have been programming computers for twenty-two years right now, using them for twenty-five, and I don't understand much of anything. I probably understand more than, what, 95% of the population? More? And I still do things that I am sure are stupid and clueless.
Whether people "want to" or not is not relevant or meaningful. People have stuff to do. Wringing one's hands about "oh, but they don't want to understand" is the toxic kind of elitism.