in reply to Re: Security - Perl or PHP?
in thread Security - Perl, PHP or ASP?

Agreed completely. Most programmers do not give a damn about security and most books do not stress (or even at least mention) it enough. :-(

<div mode="Oh well">We (Prague office of Monster Worldwide) are currently hiring and give the potential employees a test (in ASP or ASP.Net since that's what most of the development is done in :-(
A simple form to be validated and submitted into a database. None of the ones using ASP ever escaped the data printed into <input type="text" name="..." value="HERE"> when redisplaying the form in case of a validation error, 80% of them insert the data into the database by building an INSERT SQL statement containing the form data and none of those cared to escape the data.

And at the same time most of them have (according to their CVs) several years of experience with web programming :-(</div>

Jenda
Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.
   -- Rick Osborne

Edit by castaway: Closed small tag in signature
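
The two omissions described in the post above, shown as an added example that is not part of the original post and uses Python rather than ASP: form data redisplayed in a value attribute and form data placed in an INSERT, each unescaped and then handled correctly. The table name, field name and sample inputs are constructed for illustration.

```python
import html
import sqlite3
from html.parser import HTMLParser

FIELD = '<input type="text" name="nick" value="%s">'  # hypothetical form field

def redisplay_unescaped(value):
    # The 'before': submitted data copied straight into the attribute.
    return FIELD % value

def redisplay_escaped(value):
    # quote=True also encodes " and ', so the data cannot end the attribute.
    return FIELD % html.escape(value, quote=True)

class _ValueGrabber(HTMLParser):
    """Records the value attribute the way an HTML parser sees it."""
    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.value = dict(attrs).get("value")

def value_seen_by_parser(markup):
    grabber = _ValueGrabber()
    grabber.feed(markup)
    grabber.close()
    return grabber.value

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE applicants (nick TEXT)")  # hypothetical table
    return conn

def insert_concatenated(conn, nick):
    # The 'before': form data pasted into the SQL text itself.
    conn.execute("INSERT INTO applicants (nick) VALUES ('" + nick + "')")

def insert_bound(conn, nick):
    # Placeholder: the driver passes the data separately from the SQL text.
    conn.execute("INSERT INTO applicants (nick) VALUES (?)", (nick,))

def stored_nicks(conn):
    return [row[0] for row in conn.execute("SELECT nick FROM applicants")]
```

Ordinary input is enough to show both defects: a nickname containing double quotes is cut short when redisplayed unescaped, and a surname such as O'Brien makes the concatenated INSERT fail to parse.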