Of course, in a high-level discussion about humans, as it is with governance, it's hard to be precise about where the governance stops and where the tech starts. The way I try and do that is with the Principle outlined above - we automate what we can, then we govern the rest. E.g., a good example of this is Bitcoin - the automation design solved the problem of double spending protection, so we no longer needed that central party to do that. But there was still "all the rest" to deal with. That's the domain of governance.
Then, of course, we can always accept a risk - as you describe, it's entirely possible to say "code is law" and when the code hands it all over to an attacker, then the result is clear, you lost. But, saying it up front and expecting it to happen depends on humans behaving like computers. Humans aren't deterministic, they can happily say one thing and mean another... And so it happened. In terms of this article, Ethereum had a near-null governance layer at the start and then invented one on the fly when suddenly needed to satisfy the bulk of the "money". So, one can say the code was fine, leave it, but if people don't agree, then change happens. That's governance, and I'd argue it's bad governance and badly designed governance. We can do better.