There are software/devs that make sane security choices, and then there's the ones that don't (usually the younger/more modern ones)