Rationale
SOQL/SOSL injection is a serious security vulnerability that results from insecure construction of database queries with user-supplied data. When queries are built unsafely from user-input, instead of using type-safe bind parameters, malicious input may be able to change the structure of the query to bypass or change application logic.
Scope
Visualforce components
Visualforce pages
Apex controllers