Lesson 1: Trust Nothing and No-one.
Lesson 2: Trust no code, not even that your wrote yourself, to be either unexploitable or contain malicious code.
Lesson 3: When you think you can trust - verify...