Microsoft security architect Carl Ellison said that one popular culture problem is that security just isn't considered cool. (ref)
That's not borne out by the security experts I meet outside Microsoft who revel in their elite status among geeks. Among sites like SlashDot security is very cool - "black hats" and "white hats" find and identify bugs for the coolness factor. There are also many, many books on security, including some really bad books - an indicator that the publishers are so hungry for books on the topic that they'll publish garbage and people still buy it.