Spaghetti Security  
 
Basically, spaghetti security is the practice of implementing security by throwing all the roadblocks and functionality eliminations you can think of up against the wall and hoping something sticks.

It is how security is practiced by people who do not understand security. Those who practice spaghetti security will generally consider greater security to be synonymous with less functionality. In other words, rather than learning how to secure required functionality, the spaghetti security practitioner will simply take away functionality in order to make it more secure.

Spaghetti security practitioners will fight to eliminate as much valid user functionality as possible from the system, claiming that such functionality is a breach of security policy. Users who complain and ask for the return of functionality that the spaghetti security practitioner has eliminated will be accused of being the primary cause of weak security in the organization. They will be blamed for all of the practitioner's security breaches. If users manage to convince higher-ups to return the functionality, the SS practitioner may return it for a time, only to remove it again in his next security sweep (i.e., the next time he decides to eliminate any functionality that he doesn't know how to secure).

 
     


Content: © Copyright 2000-2007 Creativyst, Inc. (all rights reserved)

 

Record date: 2008.02.12-1550