There are a few security concepts every developer should understand and be able to implement before they are trusted with sensitive data. Mishandling things like SQL injection, XSS, salting and a whole bunch of others can really cause you and your users a lot of trouble.
Maybe I’ll write something about those some other time, but for now I’m singling out CSRF, which is fairly easy to exploit and can have some pretty fantastic results, yet it seems, from my experience anyway, to get less attention than the other attacks I’ve mentioned.