We tend to approach it from the point of view that we never trust the thing below what we're working on. For example, if Eric and I are communicating, sending emails back and forth, we always look and say that we can't trust the network, because the way the Internet works, that communication could be routed all the way around the world and go through every single country, so we use encryption. That's how we would protect the communication.
We always look at how to layer in protections, assuming that something else is not secure. The more you look at that and the more protections you layer in—more things like encryption, security, account management credentials—the more security you get.
At one point, though, you can only do so much before you make it so unusable that users either switch, or they go around your security. That's one of the things the industry has to balance, but I think one of the key things is that the entire industry needs to improve its security. You should not have to know how to secure the basic things that are going into your home. You shouldn't have to investigate how to enable security. It should come and help you do that from the very beginning. The second you turn that device on, it should help you use it in a secure way. “Secure by default” is the term we use.