But then you don't get the joy of throwing the baby out with the bath water.

90% of the time someone insists AD is too insecure for them, it's because they're unwilling to maintain hygiene (logging into an untrusted machines with overscoped credentials 8 times a day), or unwilling to use the provided security features (what do you mean use kerberized services? ldap binds work just find and give me an anti-ad security straw man!)