Most programmers don't give two shits. I used to work at a company that made enterprise employee time management hardware and software, e.g. timeclocks and payroll software. One feature of their system was that you could have authenticated users clock in and out from their desktop. The hardware and desktop software recorded the in/out times as a SQL command to a central server, but the username and password were stored in plaintext on each client machine. Worse still was no details about the time entry were stored in the database: no originating IP address, no client MAC, no nothing. It just literally directly wrote the date and time to a field. When I reported what a tragically horrible bug this was, nobody was interested. They said, "nobody will go to the trouble." So guess what I did? I made a little Perl script that would punch me in and out at work even if I wasn't there. They had no way to detect what was happening. To avoid it being to obvious I just set it to enter a random time that was plus or minus 7 minutes from my start and end time. It worked beautifully. I never manually clocked in again as long as I worked there.