As a response to the original post, security is a continuous process of improvement, you may be at a level where certain aspects may appear lax and vulnerable. At the same time there are users and investigators who are at a level in UI over internet where they can dilute your best effort. So please do not be in a haste to benchmark a security solution, rather continuously challenge it.
At the time of development - a developer definitely needs a near free hand to prepare a code, yet as we Tp the code to Test systems, the security needs to be tightened to a real life delivery scenario.
But I agree the integration scenarios with RFC or TCPI protocols need to be critically tested from all known angles.
Regards