Things that confuse me, volume 1

Just felt compelled to document my ignorance in a handful of posts I read last night and this morning:

  1. "IE Protected Mode, while not a true defendable security boundary" So what exactly is a true defendable security boundary, and why doesn't IE protected mode fit the bill? Are there other examples of truly defendable security boundaries out there?
  2. "As security through obscurity does not exist" What's your password again? and your firewall configuration? And does security without obscurity exist?
  3. "Shouldn’t the MBTA be suing the vendor who sold them the flawed system?" Hmmm, I don't know – is there such thing as a perfect (non-flawed) system?