The lower level networking protocols do rely on some levels of peer trust, but carefully controlling that trust has come a long way in the last decade. If I'm correct in assuming by "actual security" you mean "physical security" you're making some pretty broad and faulty statements (even about layer 1).
There are many networking devices and techniques for hardening hostile networks at layer 2. Layer 3 is IP; to say level 3 (or 4) measures are not "real" is throwing HUGE swaths of security out the window.
Sorry, I double-posted accidentally and it looks like I deleted the wrong one. I meant that layers 1-4 should not be relied upon to provide your application security. You are right that there are cool advances that can be worthwhile to slow down attackers, but I think that in most circumstances, you will want to make your guarantees higher up the stack*
