If you're pointing out a gaping flaw, you don't need a source. If you're suggesting a standard security measure, you don't need a source.

To insist on something novel, yes you want a source.

I would agree, except "standard security measures" aren't and you lead to travishamockeries like the pepper nonsense. Which is why I default to, "cite your sources."