Re: Low quality coding
At a previous job, we had a few incidents where customer sites (some of them online shopping, some of them business processes) were compromised. The devs, or at least, the ones calling the shots*, really didn't understand security.
Eventually the managed to hire someone who did understand security - he lasted longer than I expected before he got fed up and left. He is now doing "quite well". Why was he fed up ? Obvious really, they were still writing insecure sites and then expecting him to bolt on security as an afterthought - and ignoring his "suggestions" that security is something you have to build in from the start. AFAIK they are still building "dodgy" sites.
* I have to say, there were a couple of the devs (it was a small team) who did actually understand these things - they've also left for places where their skills are appreciated.