Only if 'something secure' is defined overbroadly. Using Amazon, as an example, I can idle my session indefinitely, and when I return, it will even allow me to do potentially secure things like browse my order history, look at my account details and such, but before I order something, or change my password, it prompts for a login, except where I've just recently logged in.

There's a balance to be had, and while admittedly, getting the details right is tedium and minutiae, it can be done, and done right.