Perspectives

4 Pieces of Dumb S(h|#)*t Developers Do When You Aren’t Paying Attention

by: Brian Milea and Marilyn Young

We have a confession to make.

Developers are making decisions behind the scenes that most clients would never expect. The production version of a site is rarely the full picture. After inheriting multiple projects over time, one thing has become clear: the most damaging technical decisions usually stem from a lack of expertise, a lapse in diligence, or a lack of transparency with stakeholders.

Check out some of the most outrageous developer disasters we’ve had to clean up.

1. API Keys Gone Wild

One of the most alarming things we encounter is noticing API keys stored directly in source code and committed to GitHub repositories. This isn’t just a "vibe-coder" problem; even senior developers leave this mess behind. Security is treated like a suggestion because, in the moment, the code works.

However, hardcoding keys is a critical failure for one reason: Git is forever. Once a secret is committed to a repository’s history, it is compromised. Even if you delete the line in a later commit, the key remains visible in the version history for anyone with access—or any automated bot—to scrape. This grants malicious actors an open door to your infrastructure, leading to stolen data or total service hijacking. Security failures don't announce themselves; they ambush you later, like the boogeyman.

2. Drupal Dabblers

Across multiple inherited Drupal projects, we see things like a site’s homepage built entirely as a Drupal View with templating logic embedded directly inside it. In other cases, responsive images are skipped because the previous developer could not figure them out, and image uploads are neither processed nor size-limited, resulting in oversized assets dragging down the site speed like an anchor. We encounter event content that is never configured to expire, causing outdated events to linger for eternity. We unearth staging environments being used as digital graveyards that obliterate the integrity of version control and leave the production site vulnerable to untraceable, irreversible errors.

None of this is advanced work; it comes down to a lack of basic Drupal fundamentals. Specialized platform expertise is critical because a CMS like Drupal is a framework of "the right way" vs. "the easy way." Without deep knowledge of the hook system, cache API, or the theme layer, developers end up fighting the platform—creating "hacks" that break during updates or bloat the database. A generalist can make a page load, but only a specialist ensures it remains performant, scalable, and maintainable five years down the line.

3. Digital Booby Traps

"If it was hard to write, it should be hard to read," says the developer who sets booby traps so no one else can take on their work. Our inherited projects often include confusing field names like field_image, field_image_1, and field_image_2, as well as global variables reused across unrelated features and code with meaningless naming.

This reflects a developer prioritizing their own selfish convenience over the client's long-term success. By ignoring logical naming conventions, they ensure the system is built to their own idiosyncratic mental map rather than a universal standard. It’s a deliberate pivot from "professional service" to "hostage-taking." The outcome is a system purposefully built to be a "black box" that only the original developer can navigate—a sophisticated trap that remains entirely invisible to a client until they attempt to transition to a new team, only to realize they’ve been locked out of their own investment.

4. Accessibility Amnesia

We’ve actually had a developer look us in the face and say, "The web is naturally accessible," in a blatant attempt to stall our remediation efforts and convince us that no extra work was needed. That’s cap. Too many developers operate under this delusion, but in reality, accessibility is a rigorous engineering discipline that requires intentional architecture and persistent testing.

When developers ignore this, we see the results: site search that cannot be navigated via keyboard, empty headings used as lazy layout spacers, and complex interactive elements that are completely invisible to screen readers. These aren't just minor "oversights"—they are structural failures. True accessibility doesn't happen by accident; it requires a developer to thoughtfully simulate user patterns and engineer code that respects the diverse ways people navigate the digital world. Without that proactive effort, you aren't just missing a feature—you are actively locking out a significant portion of your audience.

Clean Up on Aisle 360

Think of us as your project clean-up crew. Rehabilitating "dumb" technical decisions is never easy, but it is a core part of what Square360 does best. We don't just fix the code; we fix the relationship between the client and their technology. We help you understand exactly what you are paying for and arm you with the knowledge to ask the right questions at every stage of development.

By refusing to settle for "black box" development and working with a team that values clarity, maintainability, and architectural discipline, you can finally reclaim ownership of your digital assets. Being an informed, involved client is the ultimate defense against developer shortcuts. Together, we can ensure that your site isn’t just working "in the moment," but is built to endure, scale, and remain accessible to everyone.

Culture & StrategyDevelopment Innovation

Related articles

See all
AI Overload: The Cognitive Cost of Machine Speed Coding
The Curious Case of Drupal AI: In What Ways Can It Support Content Authors?
Drupal AI Assistance for Website Content Management

Let's Chat

Don't be shy; we'd love to hear from you.