I disagree; I think a LOT of developers are quite arrogant when it comes to security: "how hard can it be?"
Have a look at some of the answers to this Reddit question.
https://www.reddit.com/r/ruby/comments/5wp0rh/how_to_approac...