The problem is that if you want security to be in the product from day 1, you need someone trained in security from day 1. The only solution that I see working is that we make standard libraries secure, and provide easy to understand, high level libraries for all things crypto.