> Your sort of thinking is how you end up with Yahoo levels of account leaks.
I wouldn’t store any of my customers’ data on an insecure internal service! I know that’s mad!
> Security always matters.
The first part of securing a system is to come up with your threat model, isn’t it?
I'm completely sure that you're right. You know that would be irresponsible and reckless with lots of very sensitive data.
With that said, how sure can you be of every other person writing a simple, small, business app for just a handful of their coworkers? I've encountered some people doing exactly what you've described without the same level of cool-headed risk-weighing as you.