Not only isn’t security the first priority for people, some make a selling point of being able to defeat it! Does the following type of phrase sound familiar to you?

Our product uses HTTP, so there will be no problem traversing those pesky firewalls.

The solution is of course in the middle (making admins realize that security is not more important than letting people do their work and also making programmers realize not thinking about security can get you in a lot of trouble), but it is a sad state where programmers actively work against IT 🙁 (and furthermore, they are proud of it!).