There has to be a middle ground between saying "security is simple" and "the sky is falling".

I think stating things like "don't trust user input" risks things like https://kivikakk.ee/cryptography/2016/02/20/breaking-homegro... happening.

Security is hard, programming is hard, we should all get better at both.