The thing that has really lingered with me from Day One is the point that while on the web we may not have fixed security issues we at least know what they are.
With apps we don't really know what the issues let alone have a simple a way of verifying whether we suffer from them or not.