Performance Vs Security is like choosing between Batman Vs Superman in a duel between the two superheroes. Many of the security methodology introduces additional steps in the workflow, code logic and extra checks and these extra steps may cause slowdown in performance and usability. This is true for many systems and processes and not just software.
This is a tough choice that has to be made – which one is more preferable and when?
Or is it a fight where you want both to win? How?
Nothing better than a win-win solution.
If not, Security should take precedence over performance, IMO.