At SugarCRM we use PHPUnit as our unit testing framework. I like to think we apply it pretty rigorously in terms of always pushing changes with unit tests attached where appropriate. One artifact of this is that unit tests can add a false sense of security.
Here is a real world example. I wrote some code and added a unit test around that functionality. The problem came from the fact that my unit test didn’t cover both the positive and the negative cases. In other words it was a bad unit test. My point here is less about that fact, although I take that very seriously. It is more about the fact that even though you have a unit test it doesn’t mean you covered. You need a GOOD unit test to help in that search.