• David Lean (8/27/2013)


    1. In general it costs just as much to develop code with poor performance as it does to develop fast code. The same can be said for security. If you have good templates, good guidelines you tend to develop better code. So I refute the argument of cost outlined in the reply above.

    That said, I do agree that these best practices need to be gained from somewhere & implemented. Which typically means smart, motivated, up-to-date staff. These folks typically earn more.

    David, I do agree with you on the other points you've made in your comment. But from my experience as a professional developer, programmer, DBA and BI consultant I can tell you that it requires more than good templates to build fast and secure applications. Even so, many poorly built applications ended up this way because the companies that made them relied more on tools and templates than on the programming skills of their employees. Good developers must be paid likewise; good tools seem to be a lot cheaper, but no tool can protect you from the mistakes of inexperienced developers.

    In most cases there is a trade-off between speed and security. Secure code needs to perform more checks, and code running in a secured environment will always be slower than 'unsafe' code. But security is not just built into the applications we use. It is also in the way we work with these applications, the places where we have access to these applications and many other factors that are outside the reach of the application or its developers. If a company decides to hand out the administrator password to every employee to avoid the 'overhead' of setting up roles and user groups, one can blame neither the application nor the developer for the lack of security.