As for specific examples - what about SCADA, SWIFT (finance), Biologics (genomic pharma), or anything that actually could impact someone's life or an entire community? RS-485 double drops vs PoE for a factory is one example. External auditing of back office / risk management / fixed income software is another. Simulated modeling of genomic drugs and FDA phase II trials is another. And then there's Barnaby Jack vs Medtronic... lots of great examples out there better than tor/encryption.
I wanted to touch on a slightly different problem; deciding to build something which is fundamentally impossible to do safely, rather than something which is very difficult to do safely.