SQL injection as a hacking technique is widely used, is often successful, and yet the exploit itself is well understood and can be guarded against. So naturally the question "why?" comes up when you see continuing reports of breaches due to SQL injection exploits month after month - for years.
DarkReadingDatabase security people as "Why?" a lot. "Why didn't they patch the database?" "Why did they move production data into testing?" "Why are they still vulnerable to SQL Injection?" "Why did forget to change the default admin password" "Why are we seeing these same simple errors?"