(Sorry about quoting email, I usually just send to tech-security but 
since almost everyone replies both ways I figured that was the standard)

Well, okay then. I'll admit I have very little (verging on none) actual 
experience in real-world administration and shared use, so I can only 
see things from an ideal/theoretical perspective. My apologies for 
polluting the otherwise useful mailing lists with these ramblings.

Passive security will have to do, then :)