I feel the same way. Once I worked with junior developer, who was really eager to develop stuff. He was tasked to create a development environment, where we can tests features. Nothing fancy, just some scripts and simple containers.

He used copies of the production database, but forgot to set the admin password. The machine in ec2, public on the internet.

It was fixed few weeks later. But the connection still doesn’t use SSL, sends passwords plain text.

Yeah, he doesn’t really like criticism about his work…

I always think about the phrase:

“Security is our highest priority”

Sure.