I'm not saying developers should use security tools to do security testing (although that is also a good idea).

I'm saying that in terms of the day-to-day workload of developers building web apps or APIs, a tool like Burp is as valuable or more valuable than a debugger is to a C programmer.