Password leaks - courtesy Google

Google is rapidly adding feathers to itz cap of "Security lapse" with the latest news of password leaks from Google's anti-phishing plugin for firefox. What has happened is that Google maintains a black list of possible phishing URL's and some of these URL's had user information (cookie info, passwords etc). Though Google was able to fix this issue in no time, I really wonder how they missed envisioning such issues in the first place ? Maybe they assumed that URL's would not have user-related information ? Maybe they didnt prioritize Security ? Maybe .... Anywayz, what I could learn from this incident is "Donot assume anything and overlook details".