A key to computer security is knowing that you can never keep out a truly determined and capable foe without arcane methods that make the system unusable. Even then, it's not going to make a difference.
So, we do the most we reasonably can in order to keep out the ordinary criminals. If you go too far with security paranoia, you won't actually get any work done.
Security paranoia can paralyze you, but security nihilism is also dangerous.
For most people, being 100% secure isn't achievable - but that's not the case for everybody. It is possible to design systems that have ideal security, it's just hard and expensive. But for things like securing your nuclear power station so someone can't raise the rods and leave them up until the plant goes nuclear, it's probably worth the effort.
For most people though, there are some basic security things that will stop the vast majority of real-world hackers from breaking in:
* Patch your machine regularly.
* Use SSL/TLS across your whole site. Seriously. All of it.
* Use strong, unique passwords.
* Parameterize your SQL. Always. Even when you think it's safe, it's safer to parameterize.
* Always write in a managed language. The number of people who can write unmanaged code safely would fit in a small bar.
* For websites, store *all* user-data in a database, never on the filesystem - even if the data feels like a file.
* Avoid reflection, and constructs like eval. They are a sign of poor design, and are often vulnerable to code-injection attacks.
* Keep your corporate network and operations networks separate. Corporate networks are hard to secure; operations networks can be kept clean and secure much more easily.
There's other stuff you can do once you've done all of that, but it rapidly gets into diminishing returns territory. Following the advice above will stop well over 99.99% of all real-world attacks against your program.
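To illustrate the "parameterize your SQL" point above, here is an added example (not the commenter's code) that runs the same lookup both ways against a constructed in-memory SQLite table, so you can see why the concatenated version both breaks on legitimate input and returns rows it should not:

```python
import sqlite3

# Constructed sample data: two accounts in an in-memory database.
SAMPLE_USERS = [("alice", "alice@example.test"), ("o'brien", "ob@example.test")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concat(conn, name):
    """Builds the query by string formatting: the caller's input becomes SQL text."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}' ORDER BY name"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Binds the input as a parameter: the driver treats it purely as a value."""
    sql = "SELECT name, email FROM users WHERE name = ? ORDER BY name"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both versions on one input and return (concat_result, param_result).

    concat_result is the string "error" when the concatenated query fails to
    parse, which is what happens as soon as the input contains an apostrophe.
    """
    conn = make_db()
    try:
        concat = lookup_concat(conn, name)
    except sqlite3.OperationalError:
        concat = "error"
    param = lookup_param(conn, name)
    conn.close()
    return concat, param


if __name__ == "__main__":
    # A normal name, a legitimate name with a quote, and a tautology string.
    for probe in ["alice", "o'brien", "' OR '1'='1"]:
        concat, param = compare(probe)
        print(f"{probe!r:16} concat={concat!s:60} param={param}")
```

The parameterized version returns exactly one row for `o'brien` and no rows for the tautology string, while the concatenated version errors on the first and returns every user for the second.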