It's more like 6 times in 5 paragraphs. It makes it look like either the author is straining to make his points or that he's padding out the piece to meet some minimum word count. In addition, the post is basically a call to action for those of us overseeing security. Do we really need to be treated like children with condescending phrases about "very vulnerable" parts of our infrastructure and how "it's very easy to forget things like domain registrars or hosted email providers?" This kind of writing would never make it into a respectable publication.