> So there's no benefit in strong passwords, because they only extend the time taken to guess them when compared to weak passwords?
Isn't this like begging the question, strawman, or some other sort of logical fallacy?
The difference between a weak password (puppy) versus strong password (rE$l1^=^)vCQzI,m>M\m) is several orders of magnitude difference versus what we are discussing here. So much so that it does not have any relevance at all.
> Security isn't a binary decision.
I am glad I never said it was.
> A capability-based system may still be insecure, and some capabilities are trivially equivalent to root and therefore pretty much useless.
It depends on what capabilities your actually enabling. The benefits over 'setuid 0' can range from 'none' to 'everything in the world'.