I was particularly taken by Marks post though as he has pulled some great sections from Toms post that gives some good advice to anyone looking at Oracle and wanting to state some fact about it. Proof and testing is a great leveller (not always, though as the circumstances of the test case can matter) in understanding and also in stating advice on something. These sentiments can be applied to Oracle security, especially Oracle security. If you think something is insecure in the configuration of your database then test the scenario and prove the case to be insecure. I try to use example code whenever necessary in my writings as an example should always prove the case to be true or not and aid understanding.
Read Marks post and Toms as they give good advice to anyone wanting to test a theory (mostly the original posts made by Tom et al is to do with tuning but the sentiments are valid in any endeavour).