The security controls and mechanisms that are in place must have
a degree of transparency. This enables the user to perform tasks and duties
without having to go through extra steps because of the presence of the
security controls. Transparency also does not let the user know too much
about the controls, which helps prevent him from figuring out how to
circumvent them. If the controls are too obvious, an attacker can figure
out how to compromise them more easily.