Are we supposed to ignore announcements of documented compromises then? Or are you saying compromised software is the safest of all?