If you can't see it..
and this is surprising.. how?
playing devils advocate here (aka my boss)
"You listen here son, build the damn app, nevermind about security and all that (nevermind about documentation either but thats another story) -- if we ever get to the point where we need security it actually means the app has become successful, so we will do security *then* with the revenues generated from it"
My point, since security isn't a immediate money-generating-mechanism compared to, say, shiny buttons and flashy animations the money in the development process goes to the guy that draws stuff and much less to the extra time that a dev needs to be trained for (or to program) security features
This is a deeper rooted problem, namely money being a driving force and the ROI in security only becomes evident after a product has become viable.
Or, as the home-depot-security-tech-guy said to his friends "never-mind your credit-card, you better pay in cash"