Kevin Mitnick's book says that the number one risk to systems is "social engineering". The number 2 risk is likely to be just plain bad design. The reason for bad design is that too many folks are turned loose without training in how to plan a software effort, how to choose tools and components, and how to test. Note that it only takes a few bad "where clauses", or even one in an entire system, to cause a problem.