It seems to me that this aspect of security is not mentioned in the Security docs, and this seems strange, taken that the user is often stated as the ultimate weakest link in system security.
It makes no one happy to keep users' data safe from intruders and tell them to have strong passwords, if/when they fail to get their data on Moodle in the first place due to various error states of the system or the UI giving them various 'destroy my hours of work' buttons to accidentally hit on.
Please comment: Critical: Keeping user data safe
Thanks.