Recently I analyzed a security of a big site and found an issue that is not easy to notice, but it lets people do a bit more then they should. I did it for fun and for a "prove of concept" that I can find it, not for destruction, but it made me think.
Security is measured with the cost one has to spend to break it. Let's take a good American programmer with $150 thousands per year salary building up the system.
Let's take a good Russian programmer who makes $1 or 2 thousands per month.
It is obvious that a Russian will be ready to spend a month to exploit the system and make $4000, while an American company spends 12 thousands for a month of work of it's employee.
Why not Indians or Chinese? Well, they too, but Russians historically have a solid mathematical, engineering and computing schools, and half of major IT companies in US have Russians among founders and chief developers.
I don't really know a solution for a short period. In the long run the income will more and more depend on qualification rather then on geographical location, as Bill Gates wrote in his book.
But for now the only way for companies is to accept the problem and earn more then lose.
Anyway, good programmers respect professional growth and creativity, not cash or destruction.