Yes, the problem is that it is considered an option at all. Are they running ROIs on harvesting passwords, blackmailing users and infecting all clients with malware?