I really don't understand that.
How is that not like my saying, "Well, sure, theoretically I should be hashing the passwords in my database, but practically speaking we can't expect that it's going to matter anyway."?
You are making an allusion to the perennial controversy over "theoretical" vs. "practical" vulnerabilities in my field. That's an interesting point, but unfortunately not a valid one.
In security, "theoretical" vs. "practical" is a fig leaf used (mostly) by vendors to avoid facing up to their responsibilities after having shipped flawed products. Calling something "theoretical" shields people from culpability, mostly in public relations, but clearly isn't actually an assessment of the real-world impact of most vulnerabilities. It's spin.
But the fact that the words "theoretical" and "practical" can be used as spin doesn't mean the concepts of "theory" and "practice" are inherently spin; the reality is quite the opposite. Outside of computer security, we'd be well advised to use those words more; our adhesion to the notion that all theoretical threats are practical is probably a major component of the "security theater" trend that has us all getting electronically strip searched in airports.
I recently had a close friend go through the court system on multiple felony charges. That particular introduction to the legal system was eye-opening.
The real flaw in this argument is that as soon as you mark yourself out as "that guy who's being a dick" you attract a lot of attention, and you're more likely to wind up in court on some other charge.
For instance, there's a very high probability once you've started being a dick that they'll decide to thoroughly search your suitcase. Have you accurately reported the value of all goods acquired overseas on your customs declaration form? If you haven't (or even if you have but they feel like quibbling over the value of some of those goods, or if they suspect that some of the goods acquired in the US were acquired overseas) then you could potentially wind up getting charged over that.
But doing the right thing can also get you into trouble. Just ask Pascal Abidor.
With software, you can have the computer try millions of times to go after that one crazy race condition. Meanwhile, your average crazy bomber generally has one chance to get it right before everyone on the plane attacks and subdues him.