So security is relative compared to a threat. That's a assumption that any thoughtful person can make. Yes, the resources available to you will greatly affect your ability to achieve a particular level of security. Just because you connect your server to a network does not mean that the security of your server disappears. Whatever level of security you've managed to achieve is still there. It just may be that the attackers you face are able to overcome your security measures.
If by security one means absolute security against all threats present and future, then yes security is not only illusory but also meaningless.
So you do a lot of work and achieve what you might call "near-perfect real-world security" and are not hacked, are you secure?
When you later find out you were vulnerable. Were you secure?
Does knowing that an undetectable root-kit could have been installed during this time, change your perception of the state of your current security?
Would it matter if the newly-released insecurity was a one-in-a-billion thing?
For instance when's the last time you actually took measures to guard against a trojaned compiler?
If you did get hacked because of a one-in-a-billion thing which nobody could have predicted did it happen because you weren't secure or did it happen despite your security? It's a subtle difference in perceptions.
Does your perception of your security level change if you realize the crooked CEO conspired with the security consultant to arrange a back door and that the one-in-a-billion thing was a virtual certainty?
It goes deeper than simply being all relative, you always make some assumptions - even incredibly large ones. Even a tiny mistake can totally scupper system robustness. In crypto and security a system is often weaker than its weakest link and that includes designer assumptions, operator errors, and customer specifications as well as expected issues such as programming errors. Speaking of security as a thing that can be achieved is mostly wrong and confuses many.
