I made a bank account simulator, at Uni... Ok, nearly. There was a little homegrown script published on the unix servers that managed a 'funny money', a playful token economy. Got some help from a friend with your latest tutorial homework? Send them a few of these virtual credits. Just felt like prodding someone (like throwing them a sheep, or whatever Facebook has), send a credit and they'd get told who it came from. Valentine's Day? Send your beau (or best mate, who you were trying to josh) an anonymous donation and make them interested/paranoid.
Anyway, you got an amount for each account you had, the first time you started the bank program up. Only the technical users (and technically interested ones) tended to actually open it up, though, and (regardless) it was a prime target for those that found other people's terminals logged on, or somehow managed to inveigle their way onto someone else's system account, to send /themselves/ some of the currency (including 'freshly minted' units, if it was a user that hadn't already set up an account). Sometimes as 'a thank you' for logging the affected person out of their account and sometimes more like actual theft (if the currency was worth anything). I'm sure there was a way for the administrator of the bank program to work out who had sent what to who (and from there, onwards, in case they had control of another person's account as intermediary), but it was largely dealt with as a "being stupid tax", as long as no more serious things happened.... thus considered fair game for virtually all levels of "unauthorised user" to take their percentage (up to 100%), except of course the really
serious intruders who wouldn't want to leave any such obvious trail, but that wasn't something generally worried about with so much more casual mischief available.
had two accounts on the system (two separate departments were involved in my combined course). I took the bank program and I replicated it in a shell-script, for both command-line functionality and interactively (purely via tty), to make an identical-looking experience should anyone try to use the "bank" command, including querying/displaying balance, etc. But it had the sting in the tail that as soon as any transfer request was made (by either method) it would instead send the entire
balance to the other account, and terminate the login before any more serious activity was caused by the unwary trespasser. I made aliases so that my script took precedence, including integrating some tricks in my shell to capture any attempt to explicitly run the full-path-specified official bank program, and some more aliases to hide these aliases (yes, "alias alias <foo>" was possible, or something similar enough anyway). I of course left myself a rather obscure method of interacting, but had the main trap on both accounts.
...and it never got tripped. I was just too careful/paranoid/lucky/something, it seems. After all the work I put into it, I never had anyone steal my worthless coinage, nor do anything else of significance. The one time I was really
drunk in charge of a computer, I stuck around long enough to make sure a fellow computer-user had actually
logged me out, before rushing out, even though it appears I couldn't even type "logout" correctly, at that point. That was a night to to half-remember, I tell you... being young and foolish and all.
But, anyway, this is by way of a derail, but it takes me back to a time when I felt really
proud of myself (the whole programming thing, not the just described evening), and yet I couldn't even tell
anyone what I'd done, lest I ruin my whole security strategy. And that leads us to this derail.
 I'd been subject to a "let's see what he's like when he's drunk" plot in someone's campus room, which I'd survived with flying colours until I left and wandered over to a nearby computer room, whereupon the cold night air hit me and I started to suffer the heretofore absent effects. I still managed to gain entry to the lab, get myself on a computer and log in, but then had no wish to do anything other than rush off to the nearest porcelain bowl... The above security-conscious pause, apart. (Which probably explains the mess I caused when I didn't quite get there in time, but at least it wasn't over any computer equipment.
 Not that I recommend "Security Through Obscurity" as a concept, but it helps if you don't brag about that kind of thing. In cryptography, of course, it's good practice to make systems that are secure even assuming
that Eve has the full source-code of your program and its standard parameters, and basically everything but the exact
decryption key, even if you also are going to keep the process Top Secret to slow down The Enemy that little bit more.