You are probably right about cherry picking. I know a lot of experts are aware of the problems but from an end user perspective security usability is still horrible and inconsistent.
No argument there — it's really interesting seeing the divide ultimately becoming users and experts on one side and people who are not experts but are setting policies anyway on the other.
