If a city had an obvious security gap, it would be the city developers and planners who would ultimately be responsible for fixing the problem (and perhaps even for making it). I think it's more a question of where to put the line of negligence in regard to security ethics.
Is poor city planning responsible for muggings?
It could be. There's a noted decrease in muggings in areas where there's more street lights and cops (among other factors). If the city planners thought about the population they need to set up for, and studied criminologists statistics they can prevent a danger zone. Similarly, there are many poorly designed intersections in the world that are responsible for contributing to many accidents. Even if roads were designed as perfect as possible, there would still be accidents. However, by designing systems which are sub-standard based on known, predictable or expectable flaws is negligent on the part of planners. If planners can recognize and account for what they have done to prevent various dangers (as they become known) then they are not negligent.
RE: Security Absurdity; The Complete, Unquestionable, And Total Failure of Information Security.