Why security needs to catch up to Web 2.0