Junior php/html/MDL developer with a some general knowledge under my belt
There are always going to be social engineering "hacks" (send someone an email, get them to click on a link that looks just like the site, show what looks like the login form, now you have their password. Do that to an administrator and now you control the entire site.) And you can never rule out the possibility of a lucky guess even if the math is with you. (Although that's not really a "design flaw" I guess.)
The problem is partially the number of layers. Even if your code is perfect, you aren't building everything yourself – that's totally impractical. Are you using a Windows OS? Linux? Either one could have potential security flaws. Are you using Apache? IIS? Those might have security flaws. Are you using PHP? .NET? Those might have security flaws. MSSQL? MySQL? Oracle? Those might have security flaws.
There's no technical reason why a program needs to have security flaws.
Creating an un-hackable system is almost impossible, and that fact that you are junior developer would make the it even harder. Good secure system design is something that takes a lot of experience to do correctly.
There's an old saying about programming (well, as old as any saying about computer programming can be, I guess) that, "Every nontrivial program has at least one bug."
The corollary to that is, "Absence of bugs is a necessary and sufficient condition for declaring a program to be trivial."
No reasonable answers