Up to a point
Your sentiments do you credit, Betacam, but if my experience of pen testing web applications is anything to go by, you and your colleagues form only a small minority of web developers. I'd place at least 90% of the blame for this with the clients - whose requirements tend to run to: 1) speedy performance; 2) good design; 3) fast development; and 4) cheap. Security (if it appears at all) generally comes far down the list.
If your clients are really keen on security, presumably they include it in the acceptance testing process using (expensive) tools and skilled testers?