Scott Arciszewski's blog post discusses the often undefined threat model for Encryption At Rest, focusing on web and cloud applications. He highlights the importance of clearly understanding the risks and the limitations of full disk encryption, which does not protect against an online attacker accessing application or database software. The post emphasizes the need for client-side encryption and proper key management, as well as the dangers of 'confused deputy' attacks, which can be mitigated by context-binding mechanisms.