One assumes LinkedIn would also know better than to tell users "We'd like to import your contact list to match you up with existing members" and then go ahead and spam everyone in that contact list about joining linked in, but that was also shown to be an incorrect assumption.
The only thing one should ever assume with respect to _security_ is that the other party is going to do it wrong unless it's written out for them.
The only thing one should ever assume with respect to _security_ is that the other party is going to do it wrong unless it's written out for them.