As long as we're clear that by "them", I mean "a broad cross section of the whole industry, from embedded infrastructure code to 'web 2.0'", and you mean "the fictitious QA team that works the way I say QA teams do", then I think we agree.
Because I'm telling you that you're wrong about the relationship between QA and security in the real world.
Because I'm telling you that you're wrong about the relationship between QA and security in the real world.