Thing is, sec should be taken seriously across the board.
I love what OpenBSD devs did - they seen an entire community of naive coders who didn’t give much of a crap about security and started something.
I have used OpenBSD for 10 years and thoroughly recommend it to anyone to give you a good slap around the face for how shit is done right.
I sort of agree, I think we should collectively raise the level of paranoia slight, by some tens of percentages, to remove a lot of negative outcomes - but I wouldn't expect off-hand hobby devs to even remotely apply the same level of risk management as OpenBSD does.