This is why security is hard: Secure software is perfect software, and we don't write perfect software.
I totally agree with this. The larger problem is when you introduce Joe and Jane new web user to the great tubes of internets and they never update the software that you have written and continue to fix.
This is what adds to the security difficulties. How many computers have you fixed that had the earliest versions of the browsers installed or no updates for the OS installed, because, "it takes so long to reboot!" or "I don't wanna do it, but will continue to do all my shopping and banking on this machine with all the keyloggers, trojans, and other malware installed on it."
Joe web user: "Hey this computer thingee caused my to lose my identity! Computers suck!"