Failing to prevent users from seeing coldfusion errors.
Add a onError method to a top level Application.cfc to prevent users from seeing those all to detailed dump messages exposing your inner workings(and failings).
varscoper is also a great tool for automating the check for variable scoping omissions in components.
http://varscoper.riaforge.org/
