Although there's some good stuff in here (some of which may be considered "obvious" these days), the tone is so typical of computer security: "Everybody else is dumber than me! No, seriously! I'll just enumerate a bunch of things they do, create a straw man case for why it's dumb (by for example not mentioning the constraints people are under, like time pressure and lack of funding/training), burn the straw man, and all that's left is my obviously superior advice which they should be ashamed for not discovering by themselves."