In reply to rcgreen's comment - yes, couldn't agree more - which is what I was hinting at about the routine used to get the data. But why do reputable (?) companies like MS continue to use this type of weak programming? There are lots of other examples in different languages, where the same thing applies. Sometimes the problem can be a bit deeper, as the program itself is calling a specific routine (e.g. read all input fields on a web page), and it is the routine itself that is not secure, rather than the compiler itself.
