Poor security or no security at all, is no "real" questions for me at all. If someone has to implement some sort of security but knows that it is lacking in some areas why would she not try to secure those too? Only thing i can imagine right now is maybe because of money, but then I would suggest to focus on the most important and maybe obvious security features.
If someone is serious on implementing security but doesn't know that it could be done better, she doesn't know that it is poor security at all and is not aware of it (therefore the question of implementing poor/ weak security or none at all is not possible on this). This scenario may not occur in a company where a security section is available and responsible, but thinking on a small or new company where someone has to do this kind although it is not usually her duty or responsibles.
The example you have given with the door is interesting, but without lock it would be even easier to go through it as you have nothing to do but walk. If there is a lock, even it is a poor one, you have to bring up some effort and time in order to bypass it, even it is not worth to mention.
I think similar about the AV-software. Although it may be vulnerable for some sort of exploit, the benefit from such a software is bigger than its disadvantages.
I think when security is implemented it should be compared by its advantages and disadvantages, usability, importance, range and a lot more facts.
When I talk with some sort of customers of even with people in free time about such topics I mostly recommend to hire on a regulary basis a company which does security assessments and similar in order to keep everything as safe as possible. Teaching security awareness to the employees on a regular basis, including possible threats, would certainly not a bad idea at all.
When implementing security it is important to keep in mind that not everyone has security awareness and general knowledge of computers. So even poor security may add additional layers of protection which may maybe not prevent hackers but scriptkiddies from penetration.
As stated before, I think too, that no absolutely security is possible.