It should offer the opportunity to have cutting edge security, not insist on it even for those who don't want it.

Eh, I'm going to disagree with this because I feel like it sets users up for failure if they choose a lesser security. Because if/when something goes wrong (and they inevitably will), their word-of-mouth about how horrible an experience they had on this "scammy" platform is a powerful force which might keep potential new users from signing up. Besides, with the "customer" in mind, I don't consider "it's too secure" to be a valid complaint. That's like complaining that the safety ratings of a vehicle are "too high".