Kaldor-Hicks corresponds to a lay theory of value, which assumes commensurability where there often is not. The Pareto approach makes far fewer assumptions in this regard.
Another interesting set of Pareto-improvements comes when one can improve the usability of software without decreasing its security. Such improvements are at least as important as when one can improve security without reducing usability.
I'm musing about this. The thing about Pareto-improvements is that they are very strong and useful if the building blocks are small and cohesive. But as we get more complex, it breaks down, leading to, as you suggest, temptation into Kaldor-Hicks, which to me doesn't deliver value.
But the rise of HCI issues in security thinkers' minds is of such import that it might be a good contrasting improvement that means much security software is not Pareto-secure simply because of these shortfalls. (cf. Kerckhoffs' principles.) The more I think of it the more this seems like a valuable direction. Thanks!
Posted by Iang at May 24, 2005 07:12 AM