I will never forget a conversation I had once with an IT administrator. He was in for training and he told me that he refused to let anyone see his configuration including his boss. Reason was he didn’t want to expose any risks he might have. So I guess only the hackers have a right to know the risks.