[SilkRoadie]

I think the issue is down more to a lack of awareness than a lack of care.

A while ago a site was hacked because they didn't upgrade rails which put out an urgent security update a few day's previously. This is sloppy. There is no excuse.

In many other cases the problem is that people running and building the website are not security experts. They know the fundamentals and learn new things from exploits used elsewhere. However, this knowledge falls short of attackers who relentlessly look for and try to create exploits every day.

I think this is the main issue. Too many hackers, not enough security experts, not enough funds to continuality audit the application and servers running the website.