I'm not that clear about what point you're making either. We seem to talking past each other?
The way I see it, types are sometimes used to represent security guarantees, so junk data getting cast to the wrong type could be a security hole. It depends on which types we're talking about.
For example, you can declare a SafeHTML type whose underlying representation is a string, and if you somehow deserialize it without actually doing the runtime check, it could be a security bug.
Verifying types and verifying input are closely related; the type keeps track of what you verified when you constructed an object of that type.
The way I see it, types are sometimes used to represent security guarantees, so junk data getting cast to the wrong type could be a security hole. It depends on which types we're talking about.
For example, you can declare a SafeHTML type whose underlying representation is a string, and if you somehow deserialize it without actually doing the runtime check, it could be a security bug.
Verifying types and verifying input are closely related; the type keeps track of what you verified when you constructed an object of that type.