People in 1997 never expected that <insert project here> could be vulnerable to an attack as simple as a buffer overflow; after all, all it takes to not be vulnerable to overflows is "counting", and who has problems counting with a computer? Tens of billions of dollars in losses later: do you feel safe hitting arbitrary pages with your web browser?