It's one thing to tell someone about SQL injection, but I've found it always has a lot more impact when you show them exactly how it is done. Thinking like a hacker is the first step towards writing secure code. If you understand what the hacker is looking for, you can do a much better job of reducing the attack vectors.
As Dana said, it's good to see these kinds of things get some publicity. (Also, I should point out that both DDJ and MSDN are dedicated to security this month.)