
I think the better solution is to just assume insecurity. Don't send dick pics to anyone, etc.



Maybe we're talking past each other here-- there's a significant qualitative difference between the risks of uploading data to a globally-routable server somewhere, and storing that same data on a firewalled, password-protected system on an internal network which could theoretically be owned from outside.

The former is obviously unsolvable, and "don't transmit anything you don't want shared" is good advice. But surely we want to arrive at a world where typical end users can feel secure about the data on their own computer, even if it is plugged into an ethernet jack.


You should feel relatively secure, but you should not be amazed if that information gets copied/stolen.


Aren't those things logically inconsistent? If I feel secure about my data, it means I have a strong expectation that it won't be stolen.

But again, we're talking about different stuff. Obviously the people reading this, who know what "zero-day" means, won't be shocked by any individual attack. That doesn't make it a good idea to encourage end users to believe that all computers are inherently untrustworthy. Normatively speaking, we should set an expectation of high security in general, s.t. normal people can have faith that if they use recommended software, and follow the rules, they're safe at least from non-state attacks.

After all-- if computers are inherently untrustworthy, why should users bother to follow the rules? (From the sounds of it, that might be exactly what happened to Sony.)



