As part of an effort to expand Drupal-specific static code analysis tests for vulnerabilities underway in Coder 7.x-2.x (http://drupal.org/node/1844870) I am curious of common errors made by developers that open up exploits. What problems are easy to make (and discover) that we can 1) write automated checks for and 2) get those corrected for newer major versions of Drupal core.
For example, in Drupal 6 drupal_set_title() set the contents of the h1 tag without sanitizing the argument, and developers commonly passed it the raw node title, opening up an XSS exploit. Drupal 7 sanitizes the input for drupal_set_title() by default.
What common mistakes have you seen in Drupal 6 and 7?