Becoming an unwitting accomplice to the development of armies of botnets so large that they are legitimate threats to critical infrastructure.  The capability to inject web application vulnerabilities are pervasive and these companies’ CISOs (if they even have a CISO) have virtually no regulatory stick to enact change for the better.