The situations could be avoided if the companies hired developers who have heard the word 'security' before, or got training for their engineers to learn secure coding practices and their sysadmins to learn secure server setup. If they're not going to make the effort to do those simple things, why should anyone else consider tip-toeing around the scumbags slapping together anything they can get to marginally work and then endangering the public with it?