Security is a little interesting but to learn about it you have to dig by yourself usually. It's not promoted like other types of information. A reason for that I believe is that it's not easy to teach since there so many ways and so much to think about and it's not documented like an API because there is none, security breaches comes from peoples imagination set to practice.

To build security functions is also costly and time consuming to make it good and effective so it does not slow down your application. When you have a time line and a budget security seams to always come last and that is a problem and we know it, but will it be a problem fro your application or your environment? Maybe it wont. So time, money and knowledge limitations seams to put security last, in many cases and thus we wont get rid of most security issues for a long time.