
The automated services using this for security-related purposes are presumably built by "security engineers"; if they're making mistakes like this, they're obviously woefully underqualified.


Almost nothing is built by security engineers, including security features of security products at security companies.


I'm a security engineer, I have built things like this, and I made the original comment. A lot of my job revolves around developing automation for security needs.

Also, many of the top 100 domains serve user-generated content (like AWS/S3). Blindly trusting anything from them just because they are big is so woefully misguided it boggles my mind; I seriously doubt that anyone is actually doing what is described in the article.


Idk, I have done security audits for startups and small tech companies. They won't have a security engineer on staff and are "moving fast and breaking things". I've seen things much more misguided than this.


I just finished working at a small company like what you are probably describing. It was...horrific. But I try not to think about that anymore!


True masters of security realize all software is flawed, and therefore write none.


Use none, too.


Many people are woefully underqualified; we need to have a working society anyway.


Yeah, I'm not sure that baby-proofing everything as proposed here is going to result in a working society.

If we expected airplanes or cars to be able to be safely operated by people with zero understanding of how such vehicles work, nobody would be getting anywhere.

You eventually reach a level of stupidity and/or incompetence after which trying to alter the product to coddle those users becomes counterproductive.



