Are you obligated to point out security flaws if you’re just hired for a small job?


Dokkat was contracted to do a small job on a website for a large corporation. After giving the project a once-over, he realized the code base was full of security risks:

“Lots of PHP files throwing user get/post input directly into mysql requests and system commands.” Dokkat says the programmer responsible has a family and children, and he doesn’t want to be the one to put this employee’s job in jeopardy. How should he proceed without throwing someone under the bus?

Story added 13 May 2013.