No startup can follow all these u have said. This is simply not economic and I guess u did not follow yourself all the above at the beginning of BitSimple.
Of course a "startup" can and should pay the costs associated with proper security. A startup doesn't mean some guy writing code with a budget of $50. The costs for a solid security infrastructure are a few thousand dollars for the first year. You can either do security correctly or you can "do it on da cheap"; the latter has rather predictable results.