Why is it important to incorporate security throughout the SDLC instead of just in one phase or another?

Why is it important to incorporate security throughout the SDLC instead of just in one phase or another?

How can limiting scope creep enhance the security of a software system?

3- Why should requirements gathering be prevented after the scope of the system is defined? What implications does this have for both development and security?