It maybe vulnerable to malware been installed by the user, but that can easily be stopped by proper training, and professional practices implemented.

Social Engineering, hehe, kinda reminds me of Hackers!

Tominator