When developing a program, it will most likely interact with the user in some way, even if that means only reading files on the system and reporting the data.
Usually, at schools and universities, when one starts to write programs, one learns how to receive input, while teachers usually say “assume that the data you receive is valid”. That's when the problems begin.
From the second that a program receives input, the problems begin. We cannot trust any unknown input that we do not control.
Reading from a file is untrusted input, and so is reading a user's input or accepting input from a network, for example.