I interviewed a guy with 12 years of programming experience already, he lead multiple developement teams, and has been in charge of designing frameworks for various sites.
Yet he didn't see a problem when given a SQL Injection scenario, and when asked why didn't he verify user input on the server side in addition to the client verification that he's already doing. He kept stressing that the websites he creates are for consumers, normal users, they don't have the time or need to add in all the data verification.
But, as I mentioned in a previous post. It costs almost NOTHING to protect against SQL Injection so there really isn't any excuse for NOT doing it!