When you write the exploit code ( which is really very easy ), all you get is a big pile of utterly random binary garbage back-you still have to recognize that some sequence of bytes is a security code or a credit card number or a password rather than ( say ) the partial contents of an image file containing a photo of the company's cat.