What You Know Can Hurt You. What You Don’t Know Can Hurt You.
Most so-called hackers are really just script kiddies:
Most of the fruit is low-hanging:
Real exploit developers who find real vulns go much deeper:
Public and private groups share information (unfortunately, not to an equal degree) about newly discovered exploits: “zero day” exploits.
The most wicked exploits are saved for the highest-value targets and demonstrate vast knowledge and skill, for example Stuxnet:
Part of your equation is realistically considering the value – or controversy – of your website goodies.