
Hmm... How would copy-pasta code have prevented this?



I fear from your language that you aren't really interested in reasonable argument, but I'll try anyway: ActiveRecord had two variant find() interfaces, one of which tried to make it "easy" on the programmer by avoiding the need to extract an ID to do the lookup. And it went further by adding an overloaded argument syntax that allowed you to elide the first argument entirely. And it forgot that that second argument simultaneously (1) was defined by a remote client and (2) could contain arbitrary SQL.

So yes: "copy pasta" of the id boilerplate around an AR find() call would absolutely have prevented this. Rails got slick, and got burned. DRY helped reduce "copy pasta" (sigh) but hurt security.
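The overloaded-versus-explicit finder contrast described in the reply above, as an added example in plain Ruby. This is not the commenter's code and not ActiveRecord's implementation: `ToyFinder`, its table name and the request parameters are constructed stand-ins, and queries are returned as SQL text rather than executed so it runs offline. The point it shows is the one the reply makes: a finder whose first argument may be either an ID or an options hash will happily treat a client-supplied hash as query options, while a wrapper that first extracts and validates an integer ID rejects it.

```ruby
# Added, simplified model of an "overloaded" finder. Not ActiveRecord's code;
# table name, parameter shapes and SQL text are constructed for the example.
module ToyFinder
  TABLE = 'users'

  # Overloaded form (the hazard the thread describes): the first argument is
  # either an ID or an options Hash. When it is a Hash, the ID is "elided" and
  # whatever sits under "conditions" is interpolated verbatim into WHERE.
  def self.find(id_or_options, options = {})
    if id_or_options.is_a?(Hash)
      options = id_or_options
      where = options.fetch('conditions') { options.fetch(:conditions, '1=0') }
      "SELECT * FROM #{TABLE} WHERE #{where}"
    else
      "SELECT * FROM #{TABLE} WHERE id = #{Integer(id_or_options, 10)}"
    end
  end

  # Explicit form (the "boilerplate" the reply says would have prevented it):
  # pull the id out of the request parameters and insist it is an integer
  # before it gets anywhere near a query. A nested Hash, a string with trailing
  # junk, or a missing key raises instead of being reinterpreted as options.
  def self.find_by_id(params)
    raw = params.fetch('id')                       # KeyError if absent
    unless raw.is_a?(String) || raw.is_a?(Integer)
      raise TypeError, 'id must be a scalar, not a nested structure'
    end
    id = raw.is_a?(Integer) ? raw : Integer(raw, 10)  # ArgumentError if not base-10 digits
    "SELECT * FROM #{TABLE} WHERE id = #{id}"
  end

  # Controller-style wrapper: returns [:ok, sql] or [:rejected, error_class_name],
  # so the failure mode is a visible value rather than an exception.
  def self.lookup(params)
    [:ok, find_by_id(params)]
  rescue TypeError, ArgumentError, KeyError => e
    [:rejected, e.class.name]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request parameters, as a framework would hand them to a controller.
  trusted = { 'id' => '42' }
  nested  = { 'id' => { 'conditions' => "name LIKE '%'" } }  # a nested value instead of a scalar

  puts ToyFinder.find(trusted['id'])    # id lookup, as intended
  puts ToyFinder.find(nested['id'])     # hash silently becomes "conditions" -> WHERE name LIKE '%'
  p    ToyFinder.lookup(trusted)        # [:ok, "SELECT * FROM users WHERE id = 42"]
  p    ToyFinder.lookup(nested)         # [:rejected, "TypeError"]
end
```

The design choice worth noting is that `find_by_id` does its type check before any string building: the rejection happens on the shape of the input, not on inspecting the SQL afterwards, which is what keeps the explicit form boring and auditable.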


Isn't that really the fault of an overloaded (as in doing too much) function API rather than a DRY related problem?


Well, yes, but my point was that I see them as part of the same thing. A function (or whatever) that does lots of related things can be "DRY" if it avoids writing out all the related things longhand, or it can be "too much" if it introduces bugs.

DRY as a general philosophy to avoid cut-and-paste code is fine. But it's also an ethic that in my experience prioritizes concision at the expense of clarity. Loss of clarity is a factor in half the security bugs on the internet.




