Steve,
If you can tolerate sloppy security, then I haven't a prayer to convince anyone else. Many folks have your attitude, which amounts to complacency in matters of security, based on an estimate of the person's loss exposure, should the site be compromised. I'm not going to try and convince you that your estimate is lower than it actually is. There isn't any use in trying to convert the masses of citizens, that our collective security is jeopardized when we passively accept incorrect security practices with those with whom we do business, when public icons of personal security, which you have become, actively condone the behavior.
I have little hope for any country whose citizens will accept even the worst security practices, simply because they do not perceive a personal loss exposure. I get this attitude from MDs as well, because they don't see a personal downside to dealing with hospital information systems that have truly no functional security policy. Their view is that it's the hospital's database, and if the hospital won't take adequate security measures, it will be the hospital's problem, and there will be no personal impact on their own business.
I assure you that if the citizenry will stand by and tolerate this attitude, the Federal government will institute laws and policy, in the name of national security, that will reach out to everyone, and make them part of a particularly personal liability based on notions of collective liability, that will slowly entangle us all in very hard-handed, government-based security, that we may never be able to throw off. Ultimately the citizens will get what they allow.
Nonetheless, I respect your right to act in accordance with your beliefs. I anticipate the worst, all the while I pray that I am wrong.
Best wishes to each of you. You are now returned to your regularly scheduled programming. Ignore the old fart who wrote this letter; he's truly harmless, but doesn't hesitate to speak his mind.