"Is it safe?"
This is probably one of the most asked questions in boardrooms all over the world, when it comes to computerized environments.
If safe means 100% secure, the answer is always: "NO". Total security is not possible and the consequences of a potential security breach must always be carefully considered.
This not only applies to computer security in general but also to the security of each program being executed. Anyone involved in the process of developing software should adopt a mindset similar to that of the system security specialists, realizing that any form of protective shielding of the software may suddenly stop working, potentially allowing illegal analysis and exploitation.
Having a resilient form of self-protection built-in at the very core of the software may be necessary, even if it is running in an otherwise trusted environment.
Forcing an intruder to invest a lot of time before being able to convert a malicious attack into a profitable exploitation can in some situations provide valuable time and opportunity to detect and prevent the illegal activities or soften the repercussions.
A security scheme is measured by two criteria:
Searching for the strongest security scheme is a great starting point, but even the strongest form of protection is breakable. Furthermore some of the strongest security schemes have the unpleasant side effect, that once they fail, it doesn't happen in a controlled benign manner.
Example: Trying to mathematically calculate the private part of an RSA key pair is virtually impossible, but if a system is hacked and a private key is disclosed, all encrypted data is decrypt-able to outsiders, and this may include material intercepted over a long period of time.
Failing badly may also relate to a security problem that involves hardware or software components used in thousands or even millions of installations.
Hence a strong protection that fails well should preferably contain more than one "master-lock" and include some uniqueness to ensure a breach doesn't reveal everything and doesn't have far reaching consequences.
This strongly promotes the idea of using multiple protection schemes, which do not rely on each other1, in order to minimize the risk of a fatal single point of failure. By combining multiple self-reliant security schemes it is possible to design the protection to be very strong and at the same time ensure, it doesn't fail miserably once the cracker succeeds to pick the first lock. Many other locks/obstacles should exist.
Note 1: Security based on a "chain of trust" (perhaps involving multiple layers of sophisticated protection) should only qualify as a single security measure not stronger than the weakest link.