Security's Everyman

Friday, September 01, 2006

Things I don't understand

I know that being a Security Professional I tend to think differently, hopefully more security conscious, than the average person. I would never buy anything that was offered via spam, and I'm very careful about the websites I visit, especially if it involves buying something or filling in a form. So therefore I do not understand why spam and phishing are so popular (OK, I do, because I work with end users all day). I just read about the growing popularity of smishing. Then of course there are the 100-plus emails a day that I get that are spam (thank goodness for spam filters!). All of this happens because it is successful. People spend money on things they don't need, and often they end up getting taken for a ride. I don't understand why people STILL fall for this.

I also don't understand people who sell things on w/o first making sure that it's free and clean of personal data. I know that the average person doesn't have the technology or the knowledge of how to really clean a system of their personal data. But that doesn't excuse selling a drive or other device w/o at least erasing files and cleaning cookies and other basic tracks. How hard is it to delete files, empty the recycle bin and then run defrag? I know this won't stop a determined person from finding what they are looking for, but the average person who buys something used is looking to use it, not scour it looking for data.

Finally there is the ordeal with Sun not cleaning up old vulnerabilities when they fix them.
Java updates leave vulnerabilities
That really doesn't make sense to me. Why fix something if you are going to leave the broken one behind? I read that they do this for forward compatibility issues. OK, but why not make a fix that also incorporates forward compatibility? Knowingly leaving a vulnerability behind is inexcusable for any reason. This is just another reason for full disclosure.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.