PHP : Trust boundary violation

Data from trusted and untrusted sources are stored in the same data structure. The developer may mistakenly consider that the data in the entire data structure come from a trusted source.

Trusted and untrusted must be separated in the program. In the secure program untrusted data can cross the trust boundary becoming trusted only by passing validation. Using the same data structures to store both trusted and untrusted data blurs the trust boundary and leads to vulnerabilities.