The software market doesn't reward security, it just punishes perceived insecurity
Random thought: The market hasn't rewarded Microsoft's recent security initiatives (W2K3, XPSP2 etc.). Microsoft pumped a ton of development (read money) into their recent security efforts, which dramatically reduced their attack surfaces. That's a good long term move, but I don't think it paid off in immediate sales. I can say from my personal experience that administrators talk about the improved security they're getting when they install W2K3 for other reasons, but no one moves to W2K3 to get secure.
The market doesn't reward security. It may punish insecurity, but doesn't seem to reward secure OS's or software with increased sales. Despite the fact that W2K3 is much more secure than W2K, it doesn't look like the investment directly paid off in sales revenue.