I agree about defensive programming, but I think that systems are really good to the degree that there are meta-rules which are predominantly in people's heads. The thing is, the meta-rules should be few and obvious in the code. You should be able to look at it and say "well, it looks like X happens here, so I if I add some more X I definitely shouldn't put it with Y."