Security is never a 'solved problem'. There is always a trade-off between usability, performance and security. Think of it this way: You run a server on hardware that no single human understands fully. On top of that, you have some devices for which pretty much the same applies. On top of that you have an operating system consisting of millions of lines of code, and again, nobody can fully grasp everything. On top of that, you have your webstack which adds even more complexity. You are hooked up 24/7 to a network filled with criminals.

Security is not just intrusion prevention, it's also detection and recovery. PE chose to reduce the negative effects of a successful intrusion.