When I first head about "Code Injection" I had one of those 'Doh!' moments... why didn't *I* think of that? It's so simple and yet potentially so dangerous.
This site explains that code injection isn't restricted to SQL and UNIX scripts, etc... there's a whole other world of pain waiting to be discovered. Be careful out there....
[EDIT: 2006-11-22 Minor change to make content reflect wikipedia description]
[EDIT: 2006-11-22 Simon - if you read this, I just looked at the teamroom... I really did blog this before I saw your link!... I'm not trying to pull a "Bruce"]