There is no excuse for some of the security errors we have seen. Especially not government incompetence being equal or greater.

It is true that startups should not concentrate on perfect security, as supplying something the buyers want should be absolute priority number one, but even then there's no reason to not at least get the basics right if there is any kind of sensitive data involved.