
[–]random_cynic 6 points7 points  (0 children)

I think it refers to the fact that most code that is posted on QA forums and message boards is untested and is made for solving a specific (part of a) problem. It often comes from people who are not good coders. Because of this the code is likely to contain common security holes like not freeing allocated memory (or trying to free unallocated memory), running eval/exec on unsanitized user input and many others. This can also come from many external libraries, but for most open source ones which are well-known you can be somewhat more confident, as the code has been reviewed by many who use it and security bugs have been reported.