There is another element that people often forget in this type of argument. If an attacker is to select your organisation as a potential target they very often take a holistic approach to how they plan their attack. Attackers like water will always take the path of least resistance. It does not take much effort to identify key personnel within an organisation, e.g. CEO, CIO, CSO, IT staff etc. Targetting these individuals’ home PCs can provide very rich pickings;
How many of the above people work on corporate data on their home PCs?
How many of the above people use different passwords for personal and work use?
How many of the above people have VPN connectivity to the corporate LAN form their home PC?

So I would argue that as information security professionals we have a duty of care to ourselves and our families sensitive information, and to our employers to be always “switched on”.

As Thomas Jefferson said “The price of freedom is eternal vigilance”

Regarding 1) security pros are people just like anybody else and have to manage their own time/lives given the risk environment. Indeed, it means that home security practices are not as thorough as they are at work. But I would argue that this is just the way it should be. At work, you are paid for your time (and your security input), presumably to help the business in its profitable endeavors. At home, you are primarily liable only to yourself and your family for food & shelter. If your spouse or your family could pay your security salary to monitor and enforce enterprise-class controls at home, why would you go to work at all. The level of security needed at home cannot be the same as required at work as both the risks and the users are vastly different.

Regarding 2) security pros are people just like anybody else and have to lead the way by acting within the confines of well established security parameters (i.e. policies). Of course, as you pointed out, if those parameters are too strict, you will often find that the IT and/or security folks grant themselves shortcuts which potentially weaken security of the entire organization.

As a faculty member, I have the unique privilege of being able to shape young minds by providing insights into security best practices. However, I never pass an opportunity to cover the meaning of good governance and the necessity for balanced security controls that work for everyone, including IT.

I guess the moral of my long-winded reply is that with a good security policy, proper CM and audit we can “eat our own dog food” by setting up checks and balances (watchers for the watchers if you will).