So true. Even with the best of intentions you can't make a system "idiot proof".
When I was working on secure comms (for a Navy program, but what I wrote wound up being reused in something more widespread), I was consumed with concerns about making it idiot-proof. I figured the equipment would possibly be around for fifty years. I asked myself, how dead-simple can I make this architecture and software so an engineer thirty years from now can upgrade it without screwing it up?