Security evaluation of 802.11i

Uberhacker.Com writes "Server Pipeline features an interesting report on the security viability of 802.11i. As most observers of the WLAN industry are aware, the security features found in the original standard were woefully inadequate. To a certain degree, these deficiencies reflected the perception that security services are normally implemented at layer 3 and above. 802.11i's privacy services are built on top of AES, a strong encryption standard that passes muster with even the most paranoid security administrators."

Security?

[Quasar1999]

Why is it that applying security at a higher layer is a bad thing? The data is what needs to be secured, not the headers of the packets... I don't care if people know I'm sending data to my credit card company, I do care if they know what my login and password is though... Am I missing something? Why is it so important to apply security to the lowest layer?