To add insult to injury, it's ridiculously simple and easy to properly sanitize user input before it gets passed on to the corresponding internal parsers. SQL injection attacks are one of the easiest things to fend off, in theory!
That said, overall laziness in IT security didn't start just recently and my bet is it won't end any time soon either. We've got the tools available but nobody uses them. :(