This mindset is a massive problem even in healthcare where you'd think people would be a bit more switched about insecure HTTP, SQL injection, and the rest