@drunk.smile
You have obviously never written code in real world working conditions.
You have a project that has to go live on Friday, you have 4 days left to work on it and 5 days worth of bugs and amends on your todo list before it can go to the client. The deadline is non-negotiable, if you miss it then the company may be out of pocket thousands of pounds (could easily be over 100k), you will get a bad review, ruin your chances for a bonus and get bumped one position higher on the 'bad programmer/replaceable employee' list.
The managers responsible for the project aren't programmers and don't fully understand your security concerns, their attitude is "just get it done for the deadline". If the project appears to be finished it must be ready to go, your security concerns appear 'petty' and are not critical for release to them.
Do you:
A) Refuse to let it out of Alpha/Beta, pissing off both client and the company you work for.
B) Smooth over what issues you can and release the software as-is, keeping everyone happy. You can fix further issues as they crop up and shift the blame onto the company you work for.
Then what do you do a month later when the cycle repeats itself with your next project?
Tight deadlines and bad management are probably the number one cause of most of these issues. You often have to cut corners to get the code out on time, let alone even think about a security audit because the people managing the project do not understand the technical implications and requirements for the project and agree the budget/timescale without consulting anyone who does.
PS: If you even consider open sourcing a project the company is being paid to develop in-house, you will get laughed straight out of a job.