These tests were submitted by people who NEEDED to have their software tested.
I think the software submitted for testing is actually more secure than the average software, because it's made by people who actually know about the problem.
Much of the software out there doesn't deal with sensitive data, and much of it is too simple to serve as a system security risk
All web sites need to have good security. Without good security, you can get all sorts of hijacking attacks, where systems that seem harmless are abused to mount attacks on more sensitive systems.
The biggest problem with security is the degree it is underestimated. Everyone thinks it's somebody else's problem. Collectively though, the web is a one huge gaping security hole, and it's because of this attitude.
Most of the books on web development I've opened up contain security holes in the code samples. Even something as basic as SQL injection is still very prevalent in the code samples you find online and in print. Things get much worse when you start talking about subtler flaws like XSS or CSRF. And don't even get me started on the programming forums...
This article is most definitely not FUD.