Lack of secure defaults in popular frameworks. Some tools prioritize flexibility or speed over safety, setting insecure defaults like unlimited token approvals in the approve() function