Do to the nature of web site development most of new web programmers don't have a good knowledge of web application security. Most of new sites are build with web frameworks and cms and even beginner programmer/user can create relatively complex web site without to much effort. In this situation lot of programmers and site admins don't care too much about security. But even if you are building just a small blog site there are many reasons why crackers can target your site - if your site is insecure it can easily become spam relay or source of malware software.