Your portfolio should also reflect your security awareness. If a reviewer looks at your backend code and sees raw passwords being handled, SQL injection vulnerabilities, or keys exposed in plain text within your public repositories, it's an immediate rejection. Security fundamentals should be built into your projects from day one.