
Fwiw, it's not your responsibility to maintain a secure computing environment (assuming you're a researcher). If you, personally, have to vet the whole system and all the software you use for security, then they have none.

A competent system administrator with a knowledge of system security can easily configure a host so that when you SSH in, files you create are not given world-readable permissions by default. They can add other lock-down mechanisms that isolate all the users' files entirely. And they can simply disable all world-writeable folders like /tmp/.

So in case anyone gives you (or anyone else) a load of crap about using insecure software, ask them why their systems are so insecure.
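
An added example, not part of the original thread: a small shell audit for the lock-downs the comment above names (private default umask, no world-readable files, no world-writable directories). The function names are hypothetical and the sandbox files are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, sample files are constructed.

# Succeeds when the current umask masks every "other" permission bit
# (last octal digit 7), so newly created files are not world-readable.
umask_is_private() {
    case "$(umask)" in
        *7) return 0 ;;
        *)  return 1 ;;
    esac
}

# List regular files under $1 that "other" users can read.
world_readable_files() {
    find "$1" -type f -perm -004 -print
}

# List directories under $1 that "other" users can write to
# (this includes sticky-bit directories laid out like /tmp).
world_writable_dirs() {
    find "$1" -type d -perm -002 -print
}

# Build a constructed sandbox: one file created under a 022 umask,
# one created under 077, and one /tmp-style shared directory.
build_sandbox() {
    d=$(mktemp -d) || return 1
    ( umask 022; echo "results" > "$d/default.csv" )
    ( umask 077; echo "results" > "$d/private.csv" )
    mkdir "$d/scratch" && chmod 1777 "$d/scratch"
    printf '%s\n' "$d"
}

# Report everything under $1 that other users on the host could reach.
audit() {
    echo "world-readable files:"; world_readable_files "$1"
    echo "world-writable dirs:";  world_writable_dirs "$1"
}

sandbox=$(build_sandbox)
if umask_is_private; then echo "umask: private"; else echo "umask: $(umask) exposes new files"; fi
audit "$sandbox"
rm -rf "$sandbox"
```

Only the file created under the 022 umask and the 1777 directory are reported; the file created under 077 is not.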



I assume you never worked in academia. Sometimes HPC are installed by researchers (incl. myself) as there is no budget for IT staff.


Still not your responsibility. If they don't cough up the cash to properly manage the security, they can't expect any. Just because a trucking company doesn't want to pay for a mechanic, doesn't mean they can expect their drivers to repair blown engines.


Most of the time

- all input ports are blocked. Kinda provides security. Works fine as if things are so dire most academia would be hacked.

- these are not valuable like data from SSN or bank. So fewer attacks.

- if something gets f*ked - it gets bad name - people laugh it off. No one will get fired.

I know uni presidents that keep passwords on Excel sheets. Life is like that.

Let's be honest, corporate says training, retraining, testing - IT will install 3 different malware scanners and 2 AV to HOG CPU etc but some idiot will approve MFA/TOTP (Okta) or like SolarWinds. So everyone has their stupidity.



