The trouble is, adding security to code inevitably increases the complexity of the code, (depending on the language, enormously so) and therefore "simple" tutorials to illustrate basic functionality are mostly written without the security additions.
Any reputable writer will include a disclaimer that states that the code should not be used "as is" in a production environment.
Unfortunately, developers, being human - and also in certain cases being under time pressure from management - will tend to pick the quick and easy solution, and copy and paste the simple tutorial, rather than the more complex ones showing how it should be done properly.