I ran across this article quite some time ago:
4 Unreasonable Security Practices You're Probably Following
It brings up some good points, and mentions risk quite a bit. Risk is the real issue when dealing with any type of security. Nothing is ever 100% secure, security is like a logarithmic graph, where you can make a really big difference by taking a few easy steps in the beginning, but as things try to get more secure, it gets much much harder for minimal gain.
An easy to understand example would be a door into a secured bunker. Imagine it's just an opening into a wall with no door. This is obviously very insecure. Adding a door and a simple lock would bump the security up substantially, but to get it much more secure, you need to start adding rather difficult things that wouldn't provide significantly more security. Some additions could include biometric locks and an armed guard, but in all honestly, the increased security from those isn't even comparable to the increase in security just from adding a door and a lock.
