I have not caught a single piece of malware in 25 years on a keyboard. Not one. I spot a .scr disguised as a PDF from across the room. I smell a sketchy postinstall script ten meters away. At 14 I even wrote two or three viruses myself, just to understand the mechanics (the biology of it fascinated me, replication, mutation, persistence). The attacker, I know him from the inside. This morning I audited my home directory across the last 12 months. 600 secrets in cleartext on my disk 😬. GitHub PATs, OAuth tokens, AWS keys, Google API, JWTs, the whole buffet. Not in a .env forgotten on a public repo. Not in a botched commit. In JSONL files buried inside ~/.claude , a directory whose existence I barely registered two weeks ago. This is not a mea culpa about bad hygiene. Fifteen years ago I had 100 passwords in Keychain and that was enough. Today we carry dozens of API keys around, tools log them without telling us, and my 25-year discipline was never calibrated for this.…