First, an enthusiastic +1 to Steve's comments re security being compatible with risk. Second, Mailman is -- at this point -- easily the best available option for mailing list management. That is not to say it's perfect, of course it's not -- but in terms of capability, support, development, community, standards compliance, etc., it's the best we've got. Third, if the data path from the IETF Mailman instance to your mail client is compromised, then there are far more serious problems to worry about than someone spuriously unsubscribing you or switching you to/from digest mode or similar. ---rsk