Vulnerabilities, exploits, and end-user security controls are all the rage in Web application security, but there's another element that Web developers often ignore: how the design of the application ...