Sometimes people test the speed of a Statement vs. PreparedStatement and notice that if the Statement is executed only a handful of times, it is slightly faster, so they conclude the Statement is the way to go if you execute it fewer than, say, 10 times in your application. This is, of course, not a good idea because of SQL injection anyway, but even the performance perspective is wrong. If the application is actually used by many (say, 100) users and each user invokes the 10-statement functionality, the DB gets hit by these Statements a thousand times, not ten times. This means the load on the DB is much higher, and the PreparedStatement would clearly win performance-wise.
I haven't ever seen a Statement/PreparedStatement performance comparison which would mention it, so I thought I'd point it out here.
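The 100-users-times-10-calls scenario above, as an added JDBC example that is not part of the original post: it runs the same lookup through a concatenated Statement and a PreparedStatement, counts how many distinct SQL texts the database is handed, and runs one hostile value through both paths. The H2 in-memory URL, the `users` table, the class name and all input values are assumptions constructed for the illustration, and a single connection stands in for the many user sessions.

```java
import java.sql.*;
import java.util.*;

public class StatementVsPrepared {
    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath; in-memory database, nothing persisted.
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement s = c.createStatement()) {
                s.execute("CREATE TABLE users(id INT PRIMARY KEY, name VARCHAR(50))");
                s.execute("INSERT INTO users VALUES (1,'alice'),(2,'bob'),(3,'carol')");
            }
            // Constructed inputs: 100 users x 10 calls each, plus one hostile value.
            List<String> inputs = new ArrayList<>();
            for (int user = 0; user < 100; user++)
                for (int call = 0; call < 10; call++)
                    inputs.add("name" + user + "_" + call);
            String hostile = "x' OR '1'='1";

            // Statement: the value is spliced into the SQL text, so every call hands
            // the database a text it cannot match against one it has seen before.
            Set<String> distinctSql = new HashSet<>();
            try (Statement s = c.createStatement()) {
                for (String in : inputs) {
                    String sql = "SELECT id FROM users WHERE name = '" + in + "'";
                    distinctSql.add(sql);
                    s.executeQuery(sql).close();
                }
                System.out.println("Statement: distinct SQL texts = " + distinctSql.size());
                // The hostile value becomes part of the WHERE clause itself.
                System.out.println("Statement, hostile input rows = " + count(
                        s.executeQuery("SELECT id FROM users WHERE name = '" + hostile + "'")));
            }

            // PreparedStatement: one SQL text for all calls; values travel as bind
            // parameters and are only ever compared as data.
            try (PreparedStatement p = c.prepareStatement("SELECT id FROM users WHERE name = ?")) {
                for (String in : inputs) {
                    p.setString(1, in);
                    p.executeQuery().close();
                }
                System.out.println("PreparedStatement: distinct SQL texts = 1");
                p.setString(1, hostile);
                System.out.println("PreparedStatement, hostile input rows = " + count(p.executeQuery()));
            }
        }
    }

    // Counts the rows in a result set and closes it.
    static int count(ResultSet rs) throws SQLException {
        int n = 0;
        try (rs) { while (rs.next()) n++; }
        return n;
    }
}
```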