Survey: who has disabled security?

I am curious as to everyone who has either disabled the security settings altogether or turned them very high. I'm starting to see some issues where users are copying and pasting their descriptions and other issues which are blocking legit users from using the site. I've blocked one true malicious attack, but I'm not sure if that one stop is worth stopping all the standard users.

I wonder if a better solution is to keep on the email notify but turn off the actual stop or set the stop function really high.

Quote · 7 Feb 2010

I've disabled the feature across all of my web sites. I, in all honesty, haven't noticed any security vulnerabilities with it disabled.

This feature was obviously not added with Dolphin in mind and requires more work before it can be considered usable.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 7 Feb 2010

The security alert system is a joke in its current incarnation, not to mention undocumented so I have no clue what the meaning of any of it is.

There should be no need for such security issues if the core of the codebase already has protections in place such as:

- XSS filtering

- CSRF protections

- SQL Injection protection

- De-tainting any & all input, including actions by admin accounts

- Safe error condition handling

Most of that is extremely easy to do when building a CMS from scratch but legacy stuff is hard to retrofit.  I'm more concerned about a functionality flaw causing an issue with D7 than the system being overzealous to alert me of possible attacks.

Quote · 8 Feb 2010

I've disabled it.

It made it impossible for even the admin user to add any content.

Quote · 9 Feb 2010

Me too!

http://towtalk.net ... Hosted by Zarconia.net!
Quote · 9 Feb 2010
 
 