Exactly, and that's a great point about other people: if you've already piped up and complained to your boss about the problem, and no one else has, if word gets out somewhere about this problem, who do you think is going to be fingered for it? You, because you were the one who obviously thought it was a big problem before.
No one is going to appreciate you for publicly identifying security vulnerabilities on some private company's website. This isn't worth ruining your entire career over.
The important thing to remember about whistleblowing is: if you do it, you will never have a job again. Weigh that cold, hard fact against the severity of whatever it is you think people should know about. If lots of people will die if you don't, then it might be worth it to you. Website vulnerabilities? No one's going to care. No one even cares when millions of credit card numbers or other private details get leaked/hacked from some website.