What protects the companies and freelancers who write these insecure systems from liability? Is it just a blanket “we are not liable” clause in every contract?