What is the interesting point? That users should place a foolhardy, ridiculous level of trust in developers and processes that they don't know and have no insight into?
I don't know what it takes to build a lot of things, but I trust that the engineers will do a good job. I see no difference with software.
I've always found it odd that SWEs can harbor this type of opinion. That is, "it's the user's fault for trusting me/us," when every other engineering discipline would consider such a stance insane. All other disciplines would place responsibility directly on the engineering team. Whether a plane falls out of the sky, a car explodes when rear-ended, a bridge collapses, a chemical causes cancer, or an oven electrocutes the user, in all cases we'd point the finger at the engineers (or company that performed said engineering) and demand an explanation. I see no difference here.
Full disclosure: This is coming from someone who was originally studying to be a ChemE before switching to comp-sci.
It might be interesting to point out that in all the examples you give there exist strong regulatory requirements. Are you (we, collectively) saying that regulations and government oversight should be on the table for web sites that provide services requiring a certain level of security?
The regulatory compliance varies from state to state. For example, ChemE doesn't require a PE in most (all?) states. Typically, regulatory compliance is only required when the work involves some sort of interstate commerce.
With all the leaks and concerns over privacy lately, I think we'll see some sort of expansion of the laws covering PII sooner than later. So whether or not I agree with it, I think this will happen.
That is, "it's the user's fault for trusting me/us."
No, it's the user's fault for trusting any given site more than necessary. People outraged that LinkedIn leaked the same credentials that they use for PayPal, for instance. That is ABSOLUTELY a user issue. LinkedIn, and many before, screwed up. People aren't upset as much about the root screwup though (I mean just reset your password and move on), but that, yet again, it reveals that people rashly and irresponsibly reuse credentials en masse.
Your analogies -- if we accept that software should be built like a bridge (which is ridiculous) -- are misplaced. LinkedIn, like a bridge, should be built well to the limits of its purpose. If a bridge has a defect, however, it shouldn't cause my house to fall down as a consequence.