Obviously software development in general has become more ingenious (by some metrics) over the past few decades but very little of its growth has involved secure development principles. Often the primary goal is efficiency and scalability with as little friction for the customer. The priority is enabling commerce, not protecting user data (slightly more so company data, but not by much). I speak to devs every week who are unfamiliar with things like JavaScript injection and SSRF, things that can be exploited by virtually complete beginners. From their perspective they were just building a neat feature, that it could be used to render external scripts or internal file paths literally did not occur to them. This isn’t a judgement of them, I appreciate the chance to help them, but just to say development has unfortunately always had other priorities.