I worked on a system for the Police in the UK many years ago - the data wasw held on our mainframe in Liverpool, and the users in London had terminal access. The head of the end users' department was horrified to hear that the "highly sensitive" data was held in Liverpool - apparently a hotbed of IRA sympathisers - heck - I even had an Irish surname myself! After seething for a while I assured he that we were all security cleared to at least the same level as him, so If he wanted to make further allegations let him try!
I went down to London to visit the users a couple of weeks later to find out that they had somehow learned how to program the function keys on the terminals and had hardcoded their logins into a macro and assigned it to one of the keys, then put a sticker saying "LOGIN" on the key! So much for security (and these users were serving police officers)!