Web Flaws tops the chart for 2006

An article from Security Focus with the statistics on how Web flaws are the most reported Security issues of 2006 till date. Do we need more programmers wearing Security caps while they code or do we need Architects designing a fool proof Secure Systems or is it the underlying OS / Languages / Server SW's that needs to be revisited. I think it should be a colloboration of everyone. Defense-in-depth would really help. Programmers, Architects, SA's should all be on the same page and enforce a better Secure system. But even if the Security process / technology / implementation all seem perfect,there is always a human at the end of the chain to get vulnerable. A company's site might have used a state-of-the-art technology with a very strong process and implementation but with all that, a user can be easily tricked with a phishing site, causing havoc. How could we best Secure a system without compromising on the usability ?