It's not that people don't know how to properly code a web application. It's that coding a web application with a strong and secure perimeter is more expensive, more effort, and difficult to QA (the perimeter) than building one without.
I love the "ship it" here. Deadlines kill security. When you're under the gun to finish something as a dev, the first thing to go is the security mindset. The next thing to go is the "beautiful code" mindset, which leads to even more security issues. The problem is that, by definition, projects that have a critical deadline will usually be used by thousands of people or handle very important information.
It's a weird issue of "I need it now because it's important" and "I need it working well because it's important". Good, fast, cheap. Pick two.
"Ship it."