Drupal is a very secure open source project. With thousands of eyes looking at the code, security holes get patched very quickly in the core Drupal project.
However, one of the primary ways of opening up your Drupal site to security vulnerabilities is through user error. No amount of code can prevent site administrators from doing stupid things like giving anonymous users permission to edit your blog posts.
The recently released Security Review runs a basic analysis on your site looking for security issues in how you've setup your site. Whether a developer or not, a module like this could save you a tremendous amount of grief.
If you are a Drupal developer really interested in security, check out the book Cracking Drupal, authored by the same people who developed the Security Review module.