Jeff is concerned with the current state of online security. So many companies are taking security for granted. They send software passwords in an email and other foolish acts online. Leo says that the CTO should know better. But Leo also admits that security is hard, and there's no such thing as perfect, bulletproof software when it comes to security. Inevitably, the software will get flaws, as they get updated. But a lot of the software has dumb mistakes that slip through due to arbitrary deadlines. Even a company like Apple can end up with undetected bugs in their software, in spite of a lengthy beta test. And even when they get it perfect, they could mess that up with an update or a new feature.
But poor security practices are also a major issue and comes from an outdated manner of thinking that security online wasn't really an issue back in the old days. Nowadays, if it's online, it's a target, and CTOs and security experts need to think like a bad guy and always think what's the worst that can happen. Or, it'll cost more to fix than the company is willing to pay. It helps when customers who care point out flaws, however.