Couldn't any programmer have written safely parameterised queries from the very beginning though, even if libraries etc had insecure defaults? Whereas no programmer can reliably prevent prompt injection.