For example, a small org with no security people or a non-profit could be made much more secure by following this, so why not publish it?