Yeah, that's true. Threat vector acknowledgment and the appropriate opsec help mitigate, but I know what you're getting at.