SQL Injection still works
When talking about security, one of the easiest examples to show is something with [wikipedia:SQL Injection]. It's so easy, that most people laugh at these examples, because no one ever uses this anymore.
It seems, not everyone is aware of SQL Injection yet... The site of the RIAA got hacked a few days ago. As far as I know, one of the first reports were on TorrentFreak. They also have some screenshots of it, like the one below.