I would need to ask the follow-up question. Okay, so what happens when someone gets in? Say some idiot installs something they should not. Or there is some vulnerability in something you allow in?
Extra layers are good. But it does not mean you can forgo anything else.
Okay, so you configure a firewall. NAT is not required.