You're faced with a client demanding risky features. How do you protect the system's security?
Dilemmas at work can be real brain-teasers. Share how you'd navigate security versus client demands.
-
Clients with little to no technical know-how are more likely to demand an outrageous feature for their application than tech-savvy ones. Therefore, when a client demands risky features, it’s essential for me to prioritize the system's security while addressing their needs. The risks involved here should be clearly outlined, detailing how certain features could compromise the security of the app. I may try proposing safer alternatives that achieve similar outcomes. New features should undergo thorough security reviews before deployment and also align with best practices. Setting clear boundaries and emphasizing the importance of security helps protect the system while maintaining a collaborative relationship with the client.
-
Not only you, but clients also have imagination and can figure out various scenarios; be transparent about the client’s expenses (both financial and reputational) in case of an exploited security breach, and in 90% of the cases the client will stop insisting on a particularly risky feature. In the remaining 10%, a good argument can be that security is one of your company’s _competitive advantages_, so that the client views your risk-averse approach from a positive perspective.