SQL injection and its ilk will stop being “a thing” only after organizations focus on security by construction.