We have to start by teaching new programmers how to make secure systems first (and I repeat, systems, not just programs) and just then how to program.
This theory can be applied to so many things when it comes to programming and designing. Many web applications are designed by designers, and security is never a consideration. Security awareness is increasing though, but it will take time to spread this knowledge through the industry.
"Today's robots are very primitive, capable of understanding only a few simple instructions such as 'go left', 'go right', and 'build car'." --John Sladek