So I was googling for something and happened upon this hilarious gem of a quote (here): somebody "is calling for a PCI DSS status directory in which compliant merchants and processors are publicly listed. Opponents say such a directory could be used by hackers to find vulnerable companies to attack."
I know, I know... it is most likely taken out of context and all; but it doesn't stop me from ROFLMAOing here.