@darius I did a bit of putting them in the same bucket, but mostly I was saying that "I need secure software" can be an access need, and "increased complexity for customization" vs. "decreased complexity for security" can be competing.

(Although there might also be larger-scale security design practices -- compartmentalization? better permissions/capabilities structures? langsec principles? okay I'm kinda tossing out buzzwords I've randomly come across and can only mostly define, but I'm somewhat confident -- that can give MORE room to both/and that a bit, give more space for both efforts. But there still is a fundamental tension there.)