IP spoofing over UDP = easy, IP spoofing over TCP = hard
The biggest problem in security is that a lot of people think that hard is the same as impossible. It is not. We can patch this and that hole after we’ve completed implementing our design and make it harder to attack our system, but we’ll never really know if we’re 100% safe.
In that regard, giving up is not lame. Playing catch-up is better than not. It’s also better than going back to the drawing board when you’re well into beta (aka scope creep), unless you have infinite budget. I do believe, though, that in the design stage, as Schneier says, security is about trade-offs. If a feature introduces security risks that are not absolutely not tolerable, then it might indeed be a good idea to drop it altogether, if designing built-in protection against a class of attacks is not feasible.