There are many resources for learning security out there (research papers, proof of concept, CTF, pen-testing, presentations, wikipedia, etc.) but these resources often present isolated examples with anything irrelevant stripped out. The intent with Security Review was to present digital security in a manner that would be more akin to what we as developers would encounter in the real world: as code review.
It goes without saying that any good developer should strive to write code with as few bugs as possible, but even code with no logical bugs may be insecure. Security Review is intended to provide examples of code a developer very well may come across which performs it’s purpose, but has security flaws. It is in this manner that a developer can practice secure coding in much the same way they would encounter it on the job.
Also, I think it’s just fun trying to crack code that is already fully exposed to you; like solving a nice puzzle 🙂