These again, requires the person to actually click something, how do you get them to click on something is your first obstacles.
Even security experts are tricked into clicking on a link by accident from time to time. You are very mistaken into not realizing how vulnerable we all are when connected to the WAN. This is why I and other professionals use "sneakerware" security.
Also the delegate's web browsing device is probably not even the same as their node device, which means all your phishing efforts might be useless.
Once one computer is infected than everything is vulnerable. A worm can travel and infect any device connected on your LAN and any thumb drive and external that is briefly connected to your infected machine. Even if you use an encrypted password manager a hacker can grab screenshots, viewing your copy paste history , or a key logger and will find all your passwords. You are done.
I think this is enough about network security, it has become irrelevant to the discussion at hand. I believe it's far easier to hack discus fish and ghash.io's web server, than to get 51 delegates to click on your malicious link and somehow you obtain their private node device access thru this link. You may believe differently, that's fine. Again, pools being hacked has happened many times in reality. 51 Bitshare delegates being hacked simultaneously has not happened. I will leave the discussion at this fact.