1. There are two tables in a FK relationship, the FK constraint is trusted and enabled.
2. BEGIN a transaction.
3. Set the FK to NOCHECK
4. Cache a plan for a DELETE or MERGE statement
5. The plan is parameterized with an ad-hoc stub
6. ROLLBACK the transaction. (The FK is trusted and enabled.)
7. The non-FK-checking plans are not evicted from the plan cache.
8. Future queries that parameterize to the form in cache allow DML that violates the FK.
Thanks to Jack Corbett, who first demonstrated this bug on SSC: