Absolutely, security is hard... and it's also not what 'Yo' is really worried about. If they have to worry about security, then they already hit it big and they can just fix the issue ex post leako.
On the one hand, 'Yo' was created in a day. Though maybe the author should've spent, say, a week on it.
On the other, it's been proven possible to ignore or botch security until you have to make a minor show of apologizing for it, without fear of consequence, if you've already gotten enough traction. Unfortunately, this only seems to prove to businesses that security is a fruitless endeavor, and a waste of effort better spent making sure the UI is shinier. On the third, I've had to explain to people and their startups that SQL injection and XSS even exist, much less that it's a problem worth dealing with now, so there might also be an education issue.
I think the answer would probably be more things which are secure out of the box. In particular, frameworks and the languages themselves (I'm looking at you PHP) which interface with the web should default to secure as much as possible.