Computer security is hard to do. Just look at what a disaster it was for MS in the pre-Win7 era, and they are a software company! You cannot just add security to a system as an afterthought, it needs to be something that permeates the design. The problem is that it is hard and time consuming (though expensive) to do right, and it doesn't get reflected in the bottom line until disaster strikes. Then it's too late.