Security Musings For Application Architects