[ Security for Web Developers ] :: 08: What Can Hurt You

What You Know Can Hurt You. What You Don’t Know Can Hurt You.

Most so-called hackers are really just script kiddies:
http://www.hackpconline.com/2010/05/painfully-computer-pranks.html.

Most of the fruit is low-hanging:
https://www.toptal.com/security/10-most-common-web-security-vulnerabilities.

Real exploit developers who find real vulns go much deeper:
http://blog.dewhurstsecurity.com/2013/04/17/http-form-password-brute-forcing-the-need-for-speed.html.

Public and private groups share information (unfortunately, not to an equal degree) about newly discovered exploits, the so-called “zero-day” exploits.

The most wicked exploits are saved for the highest-value targets and demonstrate vast knowledge and skill, for example Stuxnet:
http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/.

Part of your equation is realistically considering the value – or controversy – of your website goodies.
