The MCP spec describes a protocol, not a security posture. Most production deployments shipped with a static secret, no identity propagation, and error messages that leak internals. Five enforcement layers — executable before the next incident review.