How is killing processes when the user "logs out" at all good for security? If the processes were malicious or vulnerable, they could have done their damage or been exploited while the user was still logged in.
You don't think malicious code could wait for certain specific times to trigger, rather than running immediately during an active login session where it could be traced back to?
