It's pretty clear to me that security vulnerabilities will never cease to exist. There will always be some backdoor, some new exploit the dev's haven't patched yet. It's a question of who has the wits and resources to uncover them, and of their intents and relationship with the dev's.
You can prove a program, which can help in assurances of security. http://stackoverflow.com/questions/476959/why-cant-programs-be-proven From a cursory search, I found this as an example of a formerly verified web browser: http://goto.ucsd.edu/quark/. I don't happen to know a lot about this approach (I know nothing about this approach, really), but I do know that you can make certain guarantees about security (I guess assuming there are no bugs in your implementation of what you've proven).