[jamess]

Generally, this sort of thing isn't worthwhile unless the liabilities you're exposed to by being broken are in excess of about $10M. Anything less than that, and it's a job for a butch insurance policy.

If you're reasonably confident that you've got a decent security model, and you've coded it defensively you're probably OK. I wouldn't stress about it too much at this point.

[bhb]

We're certainly under $10M in liability, we're confident in our model, and we're seeking less formal (but free) feedback from friends and peers on it, so I think you're right - we just won't stress about it too much right now.

Thanks a lot for the advice. I really appreciate it.