I'm not sure I can top that, but I have a fairly scary story. I went for an interview with a company that sell branded shoes in shops in the UK and over the internet. I went for an interview for the position of "Web Developer" at this company and as part of the interview I was to do competency test, which involved working my way around a mock up version of their live system and doing various tasks with it. I had a "temporary" username and password which allowed me access into the mock up database through enterprise manager and query analyser. Once I had finished the competency test and even completed the "if you have additional time" section I decided to have a look through some of the other table in the database which I never really used. After bored with picking thorugh thoseI went back up to the main node only to notice a few other databases in the list. Yes, you can see it galloping over the horizon; it was the live database which my "temporary" user certainly had SELECT permissions to all tables (don't know about the other - i didn't think it was entirely ethical to try it!), including a table which contained all the users credit card details....unencrypted! I got the job and within the first few days I'd made many suggestions to tighten up on security, etc. Funnily enough I got hauled into the bosses office on the thursday after I started and got told that there had been a mistake about the position I was offered and I was being asked to leave with immediate effect...with 2 months salary. It does make me wonder how some of these companies survive!
Pol