Last year I got to work on a persistent URL implementation for the National Archives, and regular expressions were a god-send for that. I had used them before in bits and pieces, but for this project I had to use them pretty extensively, to match patterns in a URL, extract those patterns, and convert them to the appropriate values for the persistent URL. It also doubled nicely as a security measure, ensuring that I didn't grab characters that shouldn't be processed. However, I had to beware that I didn't go overboard on the pattern matching, as there were often simple cases that it was overkill for, like always searching for a specific text string in a URL.
On the security side of things, they also came in very handy for validation of entry fields in the forms. Need a ensure that your phone numbers are entered in a certain fashion? Regular expressions are great for that.
