The security and flexibility are two goals that various improved BLP models attempt to achieve. How to enhance the flexibility of BLP model is a challenging problem that security researchers try to solve. However, the implementation of an insecure “security model” in the system will result in an insecure system. In this paper, two improved BLP models, for short DBLP (dynamic BLP) and SLCF (security label common framework), are analyzed. Although the designers of the two models claimed that their proposals can adjust the security level of the untrusted subject dynamically and accordingly improve the flexibility of the classical BLP model, the analytic results show that the two improved models are not secure at all. Under the rules of the two improved models a Trojan horse can “legally” read the high-level information and then write them to low-level objects, which violate the principle of multi-level security (MLS). This effort provides a theoretical foundation for avoiding the choice of insecure MLS model.