@kostchei @SwiftOnSecurity God, I lived exactly the same thing.
"Please don't do this, we'll just do this the quick and dirty way for the exercise."
And then you try to look up the right way to do things... and you get dependency errors, the RSA certificate generator doesn't work, the whole system is not configured with a correct DNS and your team has no control over that, which means you can't implement HTTPS...
Want to use a seeded database for the passwords? Nuh huh! You can't do that because you need to encrypt the password en route and you don't have HTTPS! Which means you can't use seeds in the database!
Error after error, trouble after trouble, and you just give up and say "fuck it, I'll just obfuscate".
Then you go to your manager, explain the situation, and they tell you there's no time to fix that because upper management just moved the delivery date.
And by the time you finished implementing stuff, a new project came... and you give up.
The rest of the things that should be done correctly are in a backlog filled with bugs, annoyances and things that will never get done - like paying that damn license for that dual-licensed library or whatever.
Security is almost never a priority.