These are hardly the "most dangerous" programming mistakes. Nobody is maimed or killed by SQL injection attacks on a website unless there is physical machinery that is under the direct control of the website. The most dangerous programming mistakes occur in software systems that control powerful physical devices or software systems that provide diagnostic information that guides physical interventions by human beings (i.e. a physician utilizes the information to make treatment decisions) and, unlike the rest of computer security, most of the really dangerous mistakes have to do with computing incorrect results for some edge case rather than a failures related to malicious actors.