This is a fantastic way of framing it, in terms of simple fundamental principles.
The problem with most presentations of injection attacks is it only inspires people to start thinking of broken workarounds - all the things mentioned in the article. And they really believe they can do it. Instead, as put here, we have to start from a strong assumption that we can't fix a breakage of the lethal trifecta rule. Rather, if you want to break it, you have to analyse, mitigate and then accept the irreducible risk you just incurred.
> The problem with most presentations of injection attacks is it only inspires people to start thinking of broken workarounds - all the things mentioned in the article. And they really believe they can do it.
They will be doomed to repeat the mistakes of prior developers, who "fixed" SQL injections at their companies with kludges like rejecting input with suspicious words like "UPDATE"...
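An added example, not part of either comment above, of the SQL kludge mentioned in the last reply: a keyword filter rejects a harmless search term yet lets through an input that changes the query, while bound parameters remove the problem by construction. The table, rows, blocklist and function names are constructed for illustration.

```python
import sqlite3

# Constructed blocklist, standing in for the "suspicious words" kludge.
BLOCKLIST = ("UPDATE", "DELETE", "DROP", "INSERT")


def keyword_filter_allows(text):
    """The kludge: refuse any input containing a blocklisted SQL word."""
    upper = text.upper()
    return not any(word in upper for word in BLOCKLIST)


def make_db():
    """Build a constructed in-memory table with one note per owner."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "status update due Friday"), ("bob", "private")],
    )
    return db


def search_concatenated(db, owner, term):
    """'Before' form: filter first, then splice the input into the SQL text."""
    if not keyword_filter_allows(term):
        raise ValueError("rejected by keyword filter")
    sql = (
        f"SELECT body FROM notes WHERE owner = '{owner}' "
        f"AND body LIKE '%{term}%'"
    )
    return [row[0] for row in db.execute(sql)]


def search_parameterized(db, owner, term):
    """Fix: the query text is constant; input travels only as bound data."""
    sql = "SELECT body FROM notes WHERE owner = ? AND body LIKE '%' || ? || '%'"
    return [row[0] for row in db.execute(sql, (owner, term))]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"  # constructed input containing no blocklisted word
    print("filter allows crafted input:", keyword_filter_allows(crafted))
    print("filter allows 'update':     ", keyword_filter_allows("update"))
    print("concatenated:", search_concatenated(db, "alice", crafted))
    print("parameterized:", search_parameterized(db, "alice", crafted))
    print("parameterized, 'update':", search_parameterized(db, "alice", "update"))
```

The filter fails in both directions at once: the legitimate term "update" is refused, and the crafted term returns bob's row to alice.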