Client side validation
I was going to start this by saying "we all know why client side validation is a bad idea". But clearly, we don't.
As for passwords and authentication.... Have we really become this stupid? Are there any competent developers left out there?