You still have server-level vulnerabilities to contend with. It might be a simpler task to maintain server-layer security and not have to worry as much about application-layer, but security is still something that needs to be dealt with, if you have a server that is powered on and connected to a network.