Also recently finished this book as well, and it convinced me the web is secured by popsicle sticks and glue, and I’m in wonder as to why everything isn’t hacked all the time.
It is largely "secured" by chewing gum, duct tape and other such things.
Some aspects have gotten better. Flash is dying, for example, and that's a huge help (I remember when the email showed up in my inbox from the Rails team, passing along that Google had informed them the same-origin sandbox was broken thanks to a Flash bug...).
Other aspects have gotten worse. The sheer number of new APIs in browsers, accessible via JavaScript, is frightening. And plenty of the problematic old ones are still around too. Plus ways to turn security features into privacy invasions (like the HSTS supercookie, which is both cool and makes me want to quit everything forever).