in reply to Web Security
I am not surprised. You already know that security is viewed as an expense rather then a benefit by many managers.
Even if they are "advanced" in their thinking and actually have a security person, they usually don't allow that person to do security work all the time. In another lifetime I was assinged to Internetworking Security for $VERY_LARGE_INSTITUTION; I did get to do some fun stuff and actually tracked a hacker once, but most of the time we did monkey work.
Also don't forget there is my FAVORITE phrase of all:
Put it in now, we will fix it later!
Now what surprises me is that you were shown source. A few companies I worked for would terminate you for that.