The problem is not - and has never been - accidentally stumbling on insecure features. The problem is social engineering, where inexperienced users are guided by malware operators to run insecure software, either over the phone or through countless malware sites on the web that claim to solve their problems.

These are real, tangible risks.