...sounds like very shoddy coding then. You can NEVER trust user-inputted data no matter how it's provided...
...A user who knows what they're doing can easily enter anything they want in those fields. Either by manipulating the packet or their browser.
I agree that trust is a major issue. That's a big part of what "hacking" is all about. What's going on here is seeing the code behind the code. Dealing with the file, NOT the program, to get in THROUGH the program.
lol
Like infecting a picture. What happens when that picture is one of the background graphics used within a webpage? Stored as a cookie (written to the disc)? No user input, just pulling up the page.