My laws of existence:

Business. If the customer can’t feel it it doesn’t exist.

Ops. If it isn’t automated it doesn’t exist.

Product. If it isn’t documented it doesn’t exist.

Engineering. If it isn’t in code it doesn’t exist.

You have an opinion about security? Have you written a linter? Is it documented? Is it in the deployment pipeline? Do customers care?

If it’s only in your brain I don’t accept it and refer you back to the existence rules.