Tracked down a tricky bug in which a SOQL query against the SOAP API failed because it was querying an object with two master-detail fields in a sub-select using an ancient API version that didn't support more than one master-detail field.
Used custom
permissions
for the first time. After spending some time figuring out the SOQL queries to
check whether a user had been granted the permission, I discovered the
$Permission
Visualforce merge field, which was sufficient for my need and
made the implementation simple.