The United States managed in the early 1940's to build three separate research and assembly defense plants and keep the entire project a secret to all but a few involved in the process. The workers involved knew nothing. Thus clearance for everyone was not that big an issue but security of those facilities was. By limiting scope of task to all but a very few the overall obtainable knowledge was very limited.
Today everyone it seems has to know everything. Prior policy strictly limited access and more importantly knowledge to secrets. It was "Need to Know" thus a system for maintaining "genuine needed" secrecy was maintained. Now which feral I mean federal agencies actually need Secret and higher security clearance and of those agencies the actual number of persons? The same with contractors. Some of the best kept secrets were right out in the open but only those with need to know knew them :>}
Back in the early 1980's I had a knock at my door. An FBI agent wanted to ask me some questions about a neighbor who was my friend. I knew he had enlisted and I knew he had volunteered for Nuke Propulsion Program. My point? The information was not recorded. I answered the agents questions, cut too the chase and said I know he enlisted and No I would not question his dedication and allegiance to nation and he's certainly trustworthy for the task. Does the FBI even do that anymore to vet someone for clearance?
I was on a carrier and we had Nuke warheads. Everyone knew that. But access to them was limited to a very select few. If you tried to enter that security area and a M-16 round would be forthcoming. You were told once Halt. A couple of years ago three persons entered the secure area of one of the facilities used in The Manhattan Project. They easily breached security. What was it Buford T Justice said about an umbrella again? Oh and punishment for those intruders? They're free. Yeap Overturned after conviction.
If the DOD and a very few agencies allowed access to Secret and Above once again went back to what worked and limit access except for true "need to know" situations and use a Two Person Rule when material is exposed or discussed as well as securing the space involved our secrets may be far safer. If information even employee security records are stored in a database {one computer} that computer except for backed up info also done in same room should be a stand alone system inaccessible to everyone but the persons in the one location again with a Two Person Requirement for access. No Laptops, no thumb drives, no recording devices audio, data, or video, allowed inside as carry in or carry out.
That works and they are starting to get back to that. But enforcement of that rule is lax because a lot of security personnel think it will be a burden. And yes, it is a burden. But it is basically the only say to avoid a Manning or Snowden situation.
It isn’t a single man in a room that is the leaker of information. What leaks out of DC is a river of information.