Agreed, it's a struggle. We apply milorganite or similar biosolid product every third month to ensure the grass gets the nutrients it needs. Otherwise we get a spotty lawn, which in turn results in poor water retention and pooling.
Thinking one can take care of every aspect of security or privacy when implementing a public website, especially one that publishes UGC, is similar to believing in the ability to deliver bug-free software: very likely presumptuous. However, a good way of achieving reasonable security is by reducing the scope of things you have to think about in the first place, preferably by offloading them to trusted implementations someone else (e.g., browser vendors) took care of where possible. Scoping cookies to subdomains, for example, comes in very handy.
I think the point the GP is trying to make is that if one has thought about security and privacy then one is more likely to use www.example.com instead of example.com for one's website for this very reason.
The suggestion is that using basename.tld instead of www.basename.tld adds to the security matters you need to think about, if not now then later if/when you add features on a subdomain that you (and/or your users) want to keep separate in terms of cookie sharing.
In that sense using www.basename.tld is thinking about (or at least autonomically mitigating, by way of scope limiting) those potential security/privacy issues.
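The cookie scoping discussed in the comments above, as an added example that is not part of the thread: a simplified model of RFC 6265 domain matching that shows which cookies a browser would attach to the apex, to www, and to a sibling subdomain. The hostnames, cookie names and the `ugc` subdomain are constructed for illustration; public-suffix, Path and Secure checks are left out.

```javascript
// Added example: simplified RFC 6265 cookie scoping (constructed hosts and names).

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain if they are
// identical, or if the host ends with "." + domain (IP-address hosts not handled).
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// Model of storing a cookie set by `originHost`. `domainAttr` is the Domain
// attribute of Set-Cookie, or null when it is absent (host-only cookie).
function storeCookie(originHost, name, domainAttr) {
  if (domainAttr === null) {
    return { name, domain: originHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may only name itself or a parent domain; anything else is rejected.
  if (!domainMatches(originHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

// Would the browser attach this cookie to a request for `requestHost`?
function isSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatches(host, cookie.domain);
}

function cookiesFor(jar, requestHost) {
  return jar.filter((c) => isSentTo(c, requestHost)).map((c) => c.name);
}

// Constructed cookie jar: the same site served from the apex and from www.
const jar = [
  storeCookie("example.com", "apex_wide", "example.com"),         // any Domain on the apex covers all subdomains
  storeCookie("example.com", "apex_host_only", null),             // only safe apex option: omit Domain
  storeCookie("www.example.com", "www_host_only", null),
  storeCookie("www.example.com", "www_scoped", "www.example.com"), // stays under www
  storeCookie("www.example.com", "www_wide", "example.com"),       // explicit opt-in to sharing
].filter(Boolean);

for (const host of ["example.com", "www.example.com", "ugc.example.com"]) {
  console.log(host, "->", cookiesFor(jar, host).join(", "));
}
```

On the apex, every cookie that carries a Domain attribute reaches `ugc.example.com`; on www, the same attribute can be pinned to `www.example.com` and the sibling subdomain never sees it.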
I have always liked the simple expression "fail to plan, plan to fail". And by extension a modified quote of Eisenhower's: "plans are worthless, but planning is essential."
Yep. If you have to spend a week in hospital in the US it can break you even if you have "decent" insurance. Three words that strike terror into the hearts of Americans: "Out of network"