Ed Finkler agrees with me. Thanks Ed. :-) Listen to the podcast. It's a realistic assessment of the state of security in PHP.
He also includes a favorite quote from the podcast (as said by Ed):
If a web developer doesn't understand common security issues they shouldn't be considered developers... [Web applications] essentially are dealing with data that someone is inputting there. As a developer of web applications, you are essentially stewards of that data.