Bounding Insecurity
What is the likelihood of a security flaw?
What might the flaw cost you?
What will it cost you to close the hole?
What will it cost you to close the hole later, after the system is deployed?
Being honest about flaws is easy. Being humble about architectures and code is hard. Remember that complexity is the enemy.