Steem is ultimately secured by the password recovery and time-locked funds.
Multifactor authentication can also be used in the future. In the mean time, users are their own worse enemies. Forgetting / losing passwords is far more common than hacking.
Unfortunately, even with a 16+ character password people are too stupid (in general) to pick secure passwords. Any system that assumes people will be smart and use techniques that allow them to remember their password is flawed. Hell, I cannot even remember my own passwords for services most of the time.
I still think this way better as it is... I still trust myself more than those trying to hack my accounts and those mail recovery, makes it even worst. Choosing our own secure password manager makes it better and easier imo. easier to customize to each one needs.
The default article tag limit of 5 can be easily spoofed for a 6th tag. Just FYI.
https://steemit.com/steemit/@bayareacoins/so-you-think-you-are-limited-to-5-tags-for-your-post-now-wrong-click-here-to-learn-how-to-get-your-article-listed-with-6-tags
I really couldn't say for sure.