Are current research security frameworks genuinely reducing risk, or merely redistributing it across borders?