> any system which is insecure should be a legitimate target, and the onus needs to be on those who own the systems to secure them, and be unable to disclaim liability if they do not

And what is the limit on that, because the only actually-secured system is one that is not connected to anything or accessed by anyone.

Look, I agree that people are shit and the only person you can trust is one you've killed yourself, but that's not really a workable solution.