Monday, October 23, 2006

Top 10 Security Myths decomposed.

In reference to Pete Lindstrom's Top 10 Security Myths, I am not sure I agree, but here they are:

  1. Security through obscurity is a bad idea.
  2. Strong passwords are strong.
  3. Altruistic bugfinding is beneficial.
  4. You can't quantify risk.
  5. You can't get ROI from security.
  6. Security is about process, not product.
  7. SSNs are secret.
  8. Program x is more secure than program y.
  9. Stand up to your boss and "just say no."
  10. Security is failing.

What do you think?

