One thing that nobody picked on the whole Acunetix vs NetworkWorld web hacking statistic is: the security world seems split into two camps which hardly talk to each other.
1. 70% of exploitable web sites is waaaay to low. All but a very few are in fact "hackable"
2. The number is waay too high. Maybe that many are vulnerable, but surely not exploitable.
So, what's your take on this split?