I have seen lots of web work for Sony-sized companies being awarded to design-heavy advertising agencies with incompetent backend developers when such work should be undertaken by people skilled in making the plumbing of public-facing, secure and scalable websites. This is the kind of mistake only a junior makes that should never pass the most complacent code-review process.
Like an old friend of mine used to say, "you pay peanuts, you buy monkeys"
I've actually been one of those developers working on a site for a major corporation who outsourced the development and design to an advertising agency. I wouldn't be surprised if there were a few holes in our site, despite the external security audit.
The main issue is that the advertising agency handled the development very poorly. Expectations and specifications were not well defined, budgets were not set appropriately, and project management was largely absent. This leads to my fellow developer and I, who were brought in because the agency lacked developer talent, having to scramble to get all the features in before the deadline.
I would blame some of this on lack of technical project management as well, not just on the coders.
I have to agree with you: the result cannot be blamed on the programmers alone. What I saw was a cultural mismatch, all the way from the control of the requirements to the selection of personnel. Making an ad is not the same as making a web application, the attributes of a good writer or artists are not what define a good programmer. I have successfully introduced a measure of sanity in two agencies I worked for, with great results (I really love making people's lives better), but that's not the whole market.
Yet, I can understand a bit of this mindset. Far too many websites are to be discarded by the end of the campaign. When so many products are supposed to last a month or so, people often forget about how sausages should be made.
Like an old friend of mine used to say, "you pay peanuts, you buy monkeys"