I was once trying to explain to an exec why his account would never be absolutely secure.
Me: "If somebody wants your account information badly enough, he's going to get it. He doesn't have to hack the system, he can just get it from you."
Exec: "That's crazy, I'd never give anyone my password."
Me: "Imagine you come home and find someone's broken in. He's got a gun to your daughter's head, and he tells you he's going to shoot in ten seconds if you don't give him your password. What would you do?"
Exec: [long pause] ... Which daughter?
To this day I still don't know if he was joking. But I no longer use that example.