The situations could be avoided if the "security researchers" would ask permission first, or simply deal with companies who have an established (and validated) bounty program.
Made the original comment because my friends who do this professionally for a Fortune 500 company share the same tales of woe--that would probably end just as badly if they weren't operating under the safety of a corporate megabucks legal department.
The situations could be avoided if the companies hired developers who have heard the word 'security' before, or got training for their engineers to learn secure coding practices and their sysadmins to learn secure server setup. If they're not going to make the effort to do those simple things, why should anyone else consider tip-toeing around the scumbags slapping together anything they can get to marginally work and then endangering the public with it?