Oh Tom, your post reminds me of my past activities in the security field, when I was actually using my CISSP certification for real.
Well, the issue is basically that security means different things. You can have Confidentiality, Integrity, or Availability (known as the CIA triad). You can't have all of them at the highest level at the same time, so you need to evaluate what is more important for you. Often in backups, integrity is the first goal (be sure your data are the same as you saved them when you restore them), but then you choose between availability and confidentiality. Encrypted backups are the best example: do you prefer to be fast on restores (availability), or to be sure only authorized people can restore data?
Everything in a design exercise is about balancing and choosing options...