I think that Jeff highlights the worst reason we have for poorly secured data: poor design and implementation. And it is far too common.

I cannot believe my own memories over the number of times that people have suggested skipping proper authentication, encryption or authorisation. Even worse is the number of times that they went ahead and skipped these.

Saying that these issues will be fixed later is pointless because a) they won't be and b) even if they are there is a window of opportunity for theft etc.