In general, younger programmers get in a hurry to get the task done because that's the sort of mode they're put in by brainless management, as well as the natural tendency of youth. Rather than slow down to consider several ideas and the good/bad points of each, they rush to code the first thing that occurs to them. Also in general, younger programmers are not the type that do security programming... thus the problem is compounded by lack of knowlege in addition to lack of experience.
As a point of example, in my office, all portions of all applications are up for discussion. Especially in the design phase, a topic will be brought to the group with suggestions for ideas on how to handle it. Each method will be discussed along with the good and bad points as they occur to us, and then several methods will be coded and tested. Once we find the winner, it's re-coded to be the best it can be. However, it doesn't stop there. At any point in the future, should we find a better way to do the task, it is rediscussed.
What does this have to do with security? We're not in a blind rush to get a piece done like at some companies. We know that planning ahead and careful testing don't actually put you behind schedule, but actually eliminate problems in the long run, and can shorten the schedule. Thus, security, like other portions, is given the go-round. Also, we don't hire young-twenty-somethings to work long hours for lower pay... so we don't pollute the waters with impatience in design and programming.
What you're seeing in the applications with terrible security, plain and simple, is lack of knowlege combined with impatience and inexperience. In other words, precisely the type of programmers that management seeks out because they're too hungry to demand better for themselves, and demand better of the applications they're working on. So no, you're not alone, and no, your experience is not atypical. Security sucks in most programs, as well as usually every other facet of those programs. Shitware reigns supreme, because by and large, the customer doesn't demand quality, and management and programmers aren't skilled enough to produce it anyway.
Disclaimer: I am a programmer who is absolutely fed up with bad security, bad design, and bad applications in general. I point the finger squarely at my own profession.