The hard part is making sure this random list of things I found on the internet is sufficient to keep the site secure, and taking the blame if it turns out not to be.
As opposed to trusting the random black box company on the internet? Don't you take the blame still for picking a company whose product you are unable to do due diligence on?