Ever notice how some “risk controls” end up creating new risks? You add one more safety feature, and suddenly the design is twice as complex and harder to use.
How do you decide when a mitigation effort has gone too far? Is there a point where “safer” actually means “riskier”?
I think there are two concepts that should be taken into account when deciding whether a change is actually worth implementing: the efficiency of building the product after the update has been made, and the severity of the risk. A product can be perfected multiple times until it is almost impossible, even though, as mentioned in the lecture, someone will always find a way and it is difficult to predict every possible risk; but it is useless if those safety features make the product too complex to build. A complex build will decrease efficiency and, more likely, profit, because it may cost more to add those extra features, so the chance of success is reduced tremendously. A harder-to-build product could also be more difficult to replicate, because small errors in the build could cause it to fail or even create new unforeseen problems. I think that is the time to use the risk matrix and try to rate the significance of each risk and where it falls; once that ranking has been created, it is time to input how difficult the solution is to implement and what the workaround is. For example, could a simple warning label be enough because there is no other actually useful route to fix the issue? It is definitely a thin line that you have to cross sparingly, because it can be hard to decide which risks are worth altering the design of the entire product for, but then it may just happen that there is no solution and the risks are simply too great, so it does not make sense to continue with the product.