You'd be surprised how many coders of computer security products don't know how to code securely. They weren't trained in it. They don't really care about it, and they aren't paid more for making their code more secure. Many crypto software developers don't know about Security Development Lifecycle (SDL), buffer overflows, input parameter checking, and so on. It's ironic.
Top Security Suites Fail Exploit Tests
Is Security Software A Security Risk?
Security - Back To Basics