The problem with that model is that it only takes one little defect in the armour to ruin the whole thing. Day in and day out for the past few years, I have been hunting down data breaches. I found quite a few and every single company's website that's involved in these data breaches has a statement to the effect that, “We follow industry standard practices”, “we use umpteenth level security and encryption”, etc. I find these databases to be open to the public Internet, not encrypted. They have no password and no user name whatsoever. It only takes one developer to mess things up and cut a corner and do something that is a little too risky and not best practice.
On February 5th, 2019. See this statement in context.