Quite simple installations should encourage best practice by default and, possibly, allow insecure configurations only through users' deliberate selections. Unattended installations should be secure as well.
This would ensure that releases can modify installation programs with current best practices.
This, of course, doesn't override the need for public vendor highlighted , internal or 3rd party, documentation.
-- Stop your grinnin' and drop your linen...they're everywhere!!!