So we have gobs of busy people who might not know a lot about computers and security, but who think they know what they are doing, clicking and surfing all over the web (logged in as admin). Sounds like a recipe for disaster or a great Monty Python episode involving loaded shotguns.
One disturbing finding of the report was that many users are not even looking at (and/or understanding) the indicators they have available in a browser that relate to their safety (SSL padlocks, location fields, status bars, etc.). This is akin to getting off at the _wrong_ exit at 3am in an unfamiliar city holding a map. Not good.
Users are really good at what they do: they usually master complex interactions between their customers; they can find holes in the process and fix these; they develop an intricate support network to deal with daily occurrences, and they make their living processing uncounted transactions every day.
But they don’t know your tool, and they definitely do not abide by your rules.
Similarly, you are completely unaware of other people’s areas of expertise – even though you are competent at whatever it is that you do. Therefore, shut up, listen and learn.
BTW, this is why democratic, diverse and encouraging environments are always more successful than restrictive ones: the respect inherent in allowing someone else to dissent makes the system more resilient, stronger and more adaptable.
And that is what you want in your app.