I would wager that you won't find an obviously bad security practice like md5() the password in the PHP documentation comments that isn't voted way down.