[MaxBarraclough]

> I define insecure as a machine/user getting compromised

So a bank using plaintext HTTP doesn't qualify an insecure?