I think FEP is actually a better medium for security related things than a personal blog because FEPs are peer-reviewed and are more likely to attract scrutiny. If there is a disagreement about what constitutes a best practice, a competing proposal could be submitted.