The latter often suffer from a lack of input validation leading to holes including remote code execution, shell uploading, and permanent cross-site scripting.
I suppose it's somewhat reassuring that the RAT that took over your machine is programmed to the same level of quality as regular software these days.