Web programming is inherently security programming. But programming for security does not require a siege mentality. As Bruce Schneier notes in Secrets and Lies, an attacker needs to find only one way in, whereas anyone defending a system, a program included, must secure everything. This is certainly true, but the right response is not to panic: it means that systems must be developed more deliberately.
When one knowingly programs insecurely, one holds the mindset that the threat, if it exists, will affect someone else; the attack will not happen here. Popular notions of secure programming are the opposite: imagine every attack happening here. After all, just because you're paranoid doesn't mean they aren't after you.
Programming securely lies somewhere in between. One must maximise control over one's sphere of influence while guarding against problems in one's sphere of concern. The ensuing discussion considers in turn a Python programmer's sphere of influence, his or her sphere of concern, and one common programming concern about which Python programmers need not worry.
Note: Each of these issues relates specifically to web application development. Some of them may be transferable to applications that run free of the Internet and a web server.
Several of the issues are inspired by 19 Deadly Sins of Software Security, a highly recommended read for anyone who writes programs of any sort.