[laurenceputra]

yea, you are now aware of the mass assignment bugs, but what about previously? even github got affected by it. are you saying that they are incompetent? what about bugs that have yet to be revealed?

what i am saying is that there may be some things that you forget about, because we are all humans. and in order to mitigate the risk from us being humans, we should not store passwords in a way that is easily recovered.

[prusswan]

Have you stopped beating your wife? Are you now aware of the mass assignment bugs?

Aside from the fallacy, it is a false argument to pose all risk as bad. Given what is presumed to be your idea of acceptable risk, I would expect you to surf the net behind 7 proxies: http://knowyourmeme.com/memes/good-luck-im-behind-7-proxies

[nubis]

You're repeating yourself now, do remember that all systems are built by humans, and as far as encryption goes do remember that unless your email is encrypted on the server using a password requested from you in order to encrypt and decrypt it every time you read it, then you are not safe. We are professionals offering a professional service. And FYI, Rails developers have been aware of mass assignment bugs a long time before github got bitten.