You don't trust a system because it looks fine — you probe it. Pick an attack, see what breaks, then branch: if X fails here, try X+1 next. Four features are why you can't skip this.