In A Melancholic Dream
Luckly almost all sites are created on ServerSide Scripting which drastically takes away the 'script kiddie' affect, though it's still undoublty suspectable to Client Side attacks (session hijacking, SQL Injections, etc).
I myself, legally, perform integrity tests on webservers and websites as part of a business (though it's free, so it wouldn't really be free... I guess you could call it the GPL of business's). So I tend to get alot of vulnerable websites mostly (Thank god for people updating so I don't have to deal with them yelling at me about their Webserver/IrcServer/FTPServer.)
Im actually working on a PHP Based FTP Client now, I'll release it here when Im finished with it