$secretKey = $_REQUEST['secretKey'];
Ok, to you non-programmers that read my site, that will make no sense to you, but you programmer types who know anything about PHP will know exactly what that means: that key is anything but secret.
So where'd I find this gem? Oh, nowhere in particular, except the Amazon S3 example page for PHP! The code in question is not a major issue; it is just a proof of concept after-all. To be fair the README does say "Note that this program should only be run on a secure server owned by you...", but still. This is an example that people are going to use to build code off of, so why not do things the correct way?