You're not wrong but objecting to fail-closed in a security sensitive context is entirely missing the point.