It is a very big one and eliminating it is a huge improvement in security. You can then spend more time fixing all the other sources of security problems.