6. Don’t trust the client, it is in the hands of the enemy.
When did that ever stop being true or important? In fact, amazingly many people get this wrong, including many programmers I've come into contact with as a consultant. The top suggestion for securing their server/service is typically to use encryption even though they don't control the client. I don't think this fallacy can be pointed out often enough!
Which is? If I am ever in Austin, I'd like to look it up.
I went out of my way last time to find well-recommended, off-the-beaten-track BBQ in Memphis (we did a road trip from Chicago to Austin this summer), and was disappointed. Slate had the same experience.