Ian Grigg has a simple question, What’s your threat model? in one of his many rants about SSL–

It’s hard to come up with anything more important in crypto. It’s the starting point for everything.

Who is attacking? How will they attack? How will you mitigate it? These are the most important questions you must ask of any security claims, and unfortunately the ones often unanswered.

Threat modelling is one of the many ways in which you evaluate the promises of security techniques, usability another. Kerckhoff’s Principles outlines what made early crypto systems humane, and much of it still holds true today–

1. The system must be substantially, if not mathematically, undecipherable;
2. The system must not require secrecy and can be stolen by the enemy without causing trouble;
3. It must be easy to communicate and retain the key without the aid of written notes, it must also be easy to change or modify the key at the discretion of the correspondents;
4. The system ought to be compatible with telegraph communication; The system must be portable, and its use must not require more than one person;
5. Finally, given the circumstances in which such system is applied, it must be easy to use and must neither stress the mind or require the knowledge of a long series of rules.

Security is not just a technical problem, it is a social one —a secure system is one that accounts for users, rather than blames them. If you don’t take users into account, or attackers, what you have is not security, but security theatre.