Adobe doesn’t have the best reputation when it comes to security (i.e. Flash). Well, that reputation seems to go beyond Flash, as I have had an occasion recently to review several ColdFusion based applications. As much as ColdFusion eases the development of web applications for developers, it is doing them a disservice when it comes to publishing a “secure by default” platform. Abstracting security details away from developers can be a great thing, but not when the abstractions themselves are insecure.