Redundancy
An important principle of security engineering is defense-in-depth. There should never be a single point of failure that would allow for the whole system to be compromised.
Redundancy is vital because no matter how much attention a team puts into secure engineering, perfection is beyond reach. Although we limit our use of third party software significantly, we do use some proprietary and open-source systems. Vulnerabilities and bugs are regularly discovered even in fundamental software like operating systems that are developed and supported with multibillion-dollar engineering teams. Our system’s security should never rely on its components being bug-free.