In my first book, the The Tao of Network Security Monitoring: Beyond Intrusion Detection, I say "some intruders are smarter than you," and "intruders are unpredictable." Because of these two facts, prevention eventually fails. In other words, intruders are cleverly figuring out ways to circumvent security of services you have never heard about in ways you could not imagine. As a result, defenses fail and monitoring is the only way to detect that failure and respond appropriately.
The story Cross-Site Scripting Worm Hits MySpace is a perfect example of these principles in action. In short, someone figured out how to create a worm on the MySpace online community. More details are posted at this Slashdot thread.
I had never heard of MySpace until today, but over a million users were affected by this worm. Did you see this coming? Of course not. There is little point in forecasting future threats. The best we can do is to implement the best preventative defenses we can, monitor everything else, and respond in a timely manner.