A few times I have told the anecdote that the singly most baffling thing I ever saw in a code review — not the most insecure, just the most “how could a real programmer have written this? how could this ever make sense?” thing — was simply a C++ variable “number_of_trucks” … declared as float. Unambiguously referring to real physical trucks in a fleet.
Reader, it’s been over ten years and I am blowing the gods damn whistle. I had edited that story to protect the guilty: the variable was named number_of_planes. It was shipped by a company whose name begins with “B” and rhymes with “GOING out of business.”