I take security pretty seriously. Some might even call me a little paranoid when it comes to password strength. It’s no surprise, then, that I love two-factor authentication. Not only can I have a super strong password, but I can now require that I have a security token in my possession in order to log in. In other words, even if you knew my 16-character random password for Gmail, you still could not log in without also having my security token.

Most web sites use third-party code. This code comes in a few different flavors:
- client-side libraries (jQuery, Dojo)
- server-side libraries (form mail scripts, OAuth integration)
- server-side frameworks (Zend Framework, Symfony)
- entire applications (WordPress, Joomla)

As a developer, when you selected one or more of these tools, you hopefully picked a project that was active and well supported. This means there will inevitably be upgrades to that third-party code. Some of these upgrades add features, but most upgrades also include bug fixes and security patches.