in reply to
web site design, or lack thereof
A few years ago I might have said, "score, chalk one more for Common Sense Man", but you must remember (I must remember), Common Sense Man dispense Common Sense for a living.
That is excellent advice to remember, so here is even more advice, if you're "designing" things, make sure you don't do it alone. Very few people can cover all their bases and cover them well. If you're going to bother to even consider security (and you should), get a security consultant, whose sole purpose is to think of these things ~ someone like you (it helps if the guy keeping an eye on security is not merely a common sense guy who knows the workings of things, but can make them work too).
Also, and I know you know this, security is best implemented before anything's written (have the security guy attend the design meetings, mmkay).
And most importantly, if you're ever giving any kind of presentation, have somebody who is relatively an expert in what ever you're presenting, give you a review (how can you sell anything with your presentation, if you have someone in the audience giggling at your ignorance ~ heeey, here's a novel idea, bring your development team, and the security guy, to field these type questions, it'll save you from starving)