One of the biggest things I struggle with is developers who store secrets in the clear.

When I ask "Why are you doing that?"

they say "Because no one will get on the box, so it will remain secret."

Something we have been pushing for many years is storing secrets in a safe place. That "no one will get on the box" assumption only holds until an attacker, a backup, or another account on the same machine reads the file. Most developers just don't bother. I guess the solution is to make it as easy as possible, so they do it without thinking.

DPAPI, the Data Protection API, lets you encrypt secrets with a key that Windows derives from the user's or machine's credentials, so you never have to generate, store or protect a key yourself. It is easy to use, especially in the .NET Framework 2.0, where it is exposed directly as System.Security.Cryptography.ProtectedData (Protect/Unprotect with a CurrentUser or LocalMachine scope). There are loads of samples for the 1.0 and 1.1 frameworks as well, which P/Invoke CryptProtectData and CryptUnprotectData in crypt32.dll. One caveat: DPAPI protects the secret at rest. Any code running as the same user (or, with machine scope, any code on the same box) can call Unprotect, so it limits exposure to file reads, backups and other accounts rather than defeating a full compromise of the process identity.
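The following is an added example, not code from the original post or from Shawn Farkas, showing the .NET 2.0 ProtectedData calls described above: a connection string is encrypted under the current user's DPAPI key with optional entropy, written to a file as Base64, read back and decrypted, and a decryption attempt with the wrong entropy is shown failing. The connection string, the entropy value, the file name and the DpapiSecretStore class are all constructed for this example.

```csharp
// Added example (not from the original post): protecting a secret with DPAPI
// through System.Security.Cryptography.ProtectedData (.NET Framework 2.0+).
// Compile with a reference to System.Security.dll.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

class DpapiSecretStore
{
    // Optional entropy is an application-chosen secondary value mixed into the
    // protection. It is not a key: without it, any process running as the same
    // user (CurrentUser scope) or on the same machine (LocalMachine scope) can
    // call Unprotect. The literal below is an example placeholder, not a
    // recommendation for production.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy");

    // Encrypts the secret under the current user's DPAPI master key and returns
    // Base64 text that is safe to drop into a config file.
    public static string Protect(string secret)
    {
        byte[] plaintext = Encoding.UTF8.GetBytes(secret);
        byte[] ciphertext = ProtectedData.Protect(plaintext, Entropy, DataProtectionScope.CurrentUser);
        Array.Clear(plaintext, 0, plaintext.Length); // do not leave the clear copy lying around
        return Convert.ToBase64String(ciphertext);
    }

    // Reverses Protect. Throws CryptographicException if the caller runs as a
    // different user or supplies different entropy.
    public static string Unprotect(string base64)
    {
        byte[] ciphertext = Convert.FromBase64String(base64);
        byte[] plaintext = ProtectedData.Unprotect(ciphertext, Entropy, DataProtectionScope.CurrentUser);
        try { return Encoding.UTF8.GetString(plaintext); }
        finally { Array.Clear(plaintext, 0, plaintext.Length); }
    }

    static void Main()
    {
        // Constructed sample secret; a real app would take it once at install time.
        string connectionString = "Server=db01;Database=orders;User Id=app;Password=s3cr3t;";
        string path = Path.Combine(Path.GetTempPath(), "dpapi-example.txt");

        File.WriteAllText(path, Protect(connectionString));
        string stored = File.ReadAllText(path);
        Console.WriteLine("On disk: " + stored.Substring(0, 32) + "... (no plaintext)");

        string recovered = Unprotect(stored);
        Console.WriteLine("Round trip OK: " + (recovered == connectionString));

        // Wrong entropy (or a different user account) makes Unprotect fail.
        try
        {
            ProtectedData.Unprotect(Convert.FromBase64String(stored),
                Encoding.UTF8.GetBytes("wrong-entropy"), DataProtectionScope.CurrentUser);
            Console.WriteLine("Unexpected: decrypted with wrong entropy");
        }
        catch (CryptographicException e)
        {
            Console.WriteLine("Unprotect with wrong entropy failed as expected: " + e.Message);
        }

        File.Delete(path);
    }
}
```

Scope choice matters for ASP.NET: CurrentUser ties the data to the identity the worker process runs as, so protect it under the same account that will later read it, and the ciphertext cannot be copied to another server in a farm. LocalMachine scope survives account changes on one box but is readable by every process on that box, so pair it with NTFS ACLs on the file and with entropy the application keeps elsewhere. In .NET 2.0 the same DPAPI keys also back protected configuration sections, so for a web.config the simplest route is `aspnet_regiis -pe "connectionStrings" -app "/MyApp" -prov "DataProtectionConfigurationProvider"`, which the ConfigurationManager decrypts transparently.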

Shawn Farkas digs into how DPAPI hangs together under the hood, for those who are interested:

http://weblogs.asp.net/shawnfa/archive/2004/05/05/126825.aspx