posted Feb 07, 2007

You should read The Psychology of Security. It has nothing to do with programming or computers.

As I post this, I'm still reading it. I recommend it before finishing because it's just that good.

It might be interesting to have a discussion about practical techniques for mitigating fallacious risk assessments in real life. One I've noticed w.r.t. Prospect Theory is that if I have two choices, one phrased in terms of loss, and another in terms of gain, I try to convert them both into the same domain (both loss or both gain); I never would have explained it as the essay did, but my reasoning is definitely covered by the prospect theory discussion. For example, putting something on sale is not a "savings". Buying something on sale is a lesser cost than buying it not on sale, but at no point do you "gain" or "save" anything.
