Hi Lisa. I’m a writer for ReadWriteWeb, a popular weblog that focuses on 2.0 issues. The answer to your question is YES. On the question regarding the apps, however, most 2.0 are hosted in the cloud, so application maintenance is part of the vendor’s service offering.
I recently wrote about a company, WorkLight, which has an excellent answer for web 2.0 security. I have no connection with this company other than as a writer. I have heard excellent reviews about the product and thought I’d mention it in case you had not heard of them. You can see the recent article I wrote here. Hope that helps.