On the need for more human studies to assess software protection