We have to start by teaching new programmers how to make secure systems first (and I repeat, systems, not just programs) and just then how to program.
This theory can be applied to so many things when it comes to programming and designing. Many web applications are designed by designers, and security is never a consideration. Security awareness is increasing though, but it will take time to spread this knowledge through the industry.
In any formula, constants (especially those obtained from handbooks) are to be treated as variables.