I've been on the software side of things for almost a decade now; however only left college barely 2 years ago. From what I've seen from the insides of schools (public, private... ivy, quasi-ivy, non-ivy... Tier 1, and Tier 2) whose curriculums I've investigated,
here's a shortlist of their courses:
* Whiz-bang animation courses
* OOP using Java; now more with C#, .NET
* EE approaches to software dev't
* Starting a software biz
* n-tier system... how they work.
Very little has anything to do with security. When the CS graduates look for jobs, they say "wait, they can do that?" Or, "Naw, that's not what I was taught."
Okay, enough ramble. Long story short, students barely know what to look for... and schools (as always) rely on student interests to build a popular field of study.
In the end, as was previously mentioned, since schools don't know what to offer (and don't know who can teach it), the students are unable to learn. And the vicious cycle makes another round...