How about gaming companies that require that you give them your "real" name (by which they mean legal, which doesn't always match one's real name) and won't let you change it without showing legal ID? (Blizzard is guilty here.)

Even putting aside that many people don't want to go by their legal name (for various reasons), or that many people change their legal names (for various reasons, marriage being just one of them), there's the fact that having the legal name there increases the risk of identity theft, particularly if the company's servers are breached.

(A Google search reveals that, apparently, some people were disqualified because their "real" name on their bnet acounts didn't match the name on their legal ID cards.)

Just for reference:

https://blog.avast.com/2014/05/26/avast-forum-offline-due-to-attack/

I see lack of security all the time. A few months ago, I was working with a company that sends overdue notices via a third party via SMS messages. I got curious, fired up a netstat and noticed the data was being transferred insecurely.

I fired off an email to their public contact account as they didn't have a security contact listed.

Their response was to point out that their website had a SSL certificate (Which only rated a C per that test I use over at ssllabs.com) and therefore everything was secure.

A few months ago with a local client I was helping out at, I noticed their checks were being processed over the net with a website that didn;t even have a security certificate. I was told "Well it has a login..."