Personally, at this point I blame that universal assumption that every piece of code inside a program has the same reliability, trustworthiness and disclosure properties. At some point we'll have to burn down every bit of software infrastructure and build it new with some care about security.