We definitely should! The current state of infosec as practiced, regarding, say, vulnerability to email trojan horses, is like using sharp knives for door handles, that instead of just mangling your fingers make a copy of the door keys and mail them to people who sent you emails. And then insisting that repeated user training is enough, and a cost-efficient counter-measure. Even in the face of repeated evidence that it's not.

A rested, focused, well-trained human is almost bug-free. No one is rested, focused or well-trained 100% of the time.