Update: Guess I should have read David’s followup post before making my point, since he makes it much better.

David Cowan is a VC (with a lot of security companies in his portfolio) who teaches game theory. He recently posted a "Lion Bait" problem, which I won’t repeat here. Game theory can be a bit frustrating for some folks (I still have a hard time with what he says is the correct answer). In this case, the comments were spun all over the place, until finally David had to calm everyone down a bit (read the comments):

"Look, everyone, this is a logic problem. It’s not meant to be a serious training session for sheep. Obviously lions aren’t super-rational. I assure you that not a single student in the class pontificated about lion psychology–we simply applied game theory, as this puzzle was meant to allow. Drone on, if you will, about our lack of "imagination" or "jungle smarts", but in the process you might as well dismiss every theoretical branch of math and science."

Read the comments in his post to see the problem with game theory in the real world (even though it is "rational"). This is why behavioral economics is important – because people don’t act "rationally". To tie this back to security and risk – this is also why the perception of risk may be as important as the actual risk itself.