I understand this discussion is about avoiding snake oil, and only using good quality trusted respected systems, and using them carefully, but making them easier to use.
Some examples from PGP include Bob signing Ann's key without sufficient verification, or people publishing their private and public keys by accident.
Remembering that many people are just hopeless at security ('123456' used as passwords; people clicking through browser certificate warnings; people installing malware and ignoring OS warnings about untrusted sources) it seems a reasonable point to make: "Secure products can be made easier to use, and if they are both good and easy to use it will enhance security".
