I worked for a small, local ISP in the mid 2000s. I don't think I made any stupid mistakes on my part, but I had plenty of coworkers who did. To be fair, people were often actively hostile to security concerns back then. It's not much better now, but at least not everything gets a public IP by default.