I agree with you on that, but at the same time the best security strategies are usually multi-level.

Protection at the application and access layers are always ideal but in that rare case that some major exploit comes along it would be ideal to have extra security one level deeper.