I've been asking this question and not getting good results. I've asked software developers who are making apps. I've asked students. It seems that security awareness just isn't on the agenda.
A security engineer commented on this to me today and gave me some insight. Basically its either you like to know how things work and you eventually are interested in SQL Injection, XSS, security mis-configuration etc or not. If you are, you're likely to be very interested in checking out the OWASP site.