It is difficult for me to rationalize a serious concern for "security" with the idea that one should lie back and expect the packaging team to take care of it all for you. If you are concerned with security, you should be actively configuring security features yourself, not expecting that someone else has the same priorities that you do.