Excellent points all round, and it illustrates the weakness in ignoring "availability" to users in your threat modelling...