Doing encryption right is hard, and there's an inherent trade-off between security and ease-of-use.
Let's say you want to encrypt a database. Do you use disk-based encryption, or row-level encryption? Do you encrypt the entire database with a single key, or are there multiple keys? If you use multiple keys, does that preclude using the built-in indexing functionality of the DB? Either way, how do you handle key management? Key rotation?
Also, what are you protecting against? Someone stealing a developer's laptop? Someone inserting an exploit into a client? Into a server? Getting root on your DB server?
All these threats can be mitigated with different security strategies, but they require a lot of thought, planning, and time. Most app developers are focused on getting something to market. Issues like security and scalability get addressed later, because it does you no good to have a secure, scalable infrastructure that nobody is using.