Completely agree. Which is why I say at the end of my original comment that security is "always a compromise." Put another way, you weigh the day-to-day cost of more hardware and man hours against the potential future cost of a serious security exposure.
Unfortunately most people are bad at calculating potential future costs. Which leads us to your second point about needing a good security guy. =]