People like to slag on other people's programming skills, but are you sure that all code you wrote doesn't have some absolutely boneheaded mistake in it?
I like to think I'm pretty good, but I would never claim that and certainly wouldn't put money on it. I'm sure I've got boneheaded mistakes scattered through my code. Sometimes you're having a bad day. Sometimes the reviewers are a little pressed for time. It doesn't take much for really stupid code to slide through as long as it appears to work.
I am 100% sure that none of the code I’ve written in the past 20 years interpolates user input into SQL. There is absolutely no excuse for this, and there hasn’t been for a very long time. Prepared statements have been a thing for longer than half the users of this website have been alive.
I've completely given up judging technical decisions as representations of the person who made them's skill or ability.
I still judge the technical decision on how it's impacting the system today (specifically around whether or not it's sustainable), but trying to ascribe intent or brand something as "dumb" is almost always done without the relevant information that went into the decision being made.
This is the problem being in a field (programming) that doesn't actually value experience.
I got this knocked into me by a very senior engineer when I complained about some really silly circuit on an older version of a microprocessor. His comment: "Okay, let's design that adder better. Oh, by the way, you only have two layers of metal in that technology. Let's walk through the options." My response: "Uh, no. We don't need to. There are exactly 3 options and only one that works." His response: "And now you know why the engineers prior to you made that decision. Don't assume your predecessors were untouchable geniuses, but don't assume they were moronic idiots, either. Just like you, they had a job to do, did it, and, most importantly, shipped it."
I've had some bone headed and careless mistakes make it into production, especially when I was a junior dev, but it was always something that messed up performance or functionality, e.g. a front end widget not responding or an unhandled API parameter.
When it came to user security I _never_ fucked around. I have about 6 years of experience now and consider a trivial and catastrophic mistake like this unconscienably reckless. Never mind 20 years and experience working at a FAANG company.
I like to think I'm pretty good, but I would never claim that and certainly wouldn't put money on it. I'm sure I've got boneheaded mistakes scattered through my code. Sometimes you're having a bad day. Sometimes the reviewers are a little pressed for time. It doesn't take much for really stupid code to slide through as long as it appears to work.
Glass houses and all that ...