Most companies don't have the resources or time to address security issue. If you are startup and focussed on growth then security is not on the top of your to-do things.
On the other hand, if you are a startup and focused on growth, you're one step away from losing your current customers. What if your payment app gets compromised? Or the whole users database gets leaked and someone spams them with targeted messages about your company? (this happened to mtgox for example)
There has to be a balance. If you don't care about security, you'll fail. If you don't care about new features, you'll fail. If you don't care about retaining current users, you'll fail. etc.
One thing you don't want when you're focused on growth is your company in the news because someone dropped your whole database on pastebin.
With recent compromises on a lot of services like Yahoo, Weebly and so on it is shameful that security is not on the top of list from the get go. Perhaps the events like the recent DDOS attacks will bring a lot of attention to the issue.
There has to be a balance. If you don't care about security, you'll fail. If you don't care about new features, you'll fail. If you don't care about retaining current users, you'll fail. etc.
One thing you don't want when you're focused on growth is your company in the news because someone dropped your whole database on pastebin.