Many years ago, I did some consulting work on a project that had been "delivered" by Infosys. It was, to put it lightly, a complete and utter mess in every way. Just from a security vulnerability standpoint, it had: SQL injection, plaintext passwords for user accounts, zero protection against URL manipulation, etc. And those are just the ones that come to mind immediately.

Glad to see nothing has changed.