Here's a good example of one of the many benefits of web applications. I'm looking at Google's web application Gmail as a general case...
Gmail - Wikipedia, the free encyclopedia:
In January 2005, security experts discovered a critical flaw in the handling of Gmail messages that would allow hackers to easily access private e-mails from any Gmail user's account. This was posted with detailed information to popular technology site Slashdot at 9:23 a.m. PST on January 12, 2005. At roughly 10:15 a.m. PST on January 13, 2005, developers at Gmail announced that they had fixed the problem, and that the security flaw had been patched. Despite Gmail's status as a beta application, this raised concerns among some users who use Gmail as their primary mail account.
Situation: A flaw was discovered that would affect hundred's of thousands of users and in less than an hour the security flaw was fixed and applied to all users nearly instantaneously.
More recently....
Teenager claims to find code flaw in Gmail:
A teenage blogger claims to have discovered a flaw in Google's Gmail service that allows JavaScript to run, potentially allowing a malicious hacker to gather e-mail addresses or compromise an account.
Situation: A teenager discovers a bug in Google's web app, Gmail. Again, potentially affecting a large number of users....
Teenager claims to find code flaw in Gmail:
Some visitors to the blog reported being able to replicate the findings, but others said later that they were not able to and that the supposed flaw had been fixed. Google representatives in London could not immediately comment, saying the report would be forwarded to their technical staff.
In this report there hasn't been a confirmation of the bug as described by the anonymous teenager but the point is that it would be hard to tell because if there was a flaw it was fixed so fast that the teenagers claims couldn't be verified since the flaw was patched and propagated so quickly.
Web applications have this benefit of rapid repair/update and deployment. Look at the quagmire that traditionally desktop applications or operating systems have to deal with. Patches tend to take longer due to the more complex environment that traditional software executes in. Once a patch has been created the fix must still be deployed individually to each user. Not to mention you typically have to rely on the user to apply the patch which often is not the case. There are XP boxes still out there running without even Service Pack 2 installed!
Bottom line: Web applications have a incredibly faster turnaround time from flaw discovery to patch implementation than traditional software applications.