Myth or reality? This paper at imperva.com shows how relatively simple techniques can be used to automatically find and attack vulnerable application servers. Looks plausible enough to me.

You've been warned: use a serious framework for your next project ;-)