Why do you think so? How could that be more hackable in comparison to local bitcoind?
If you run a bitcoind property it can be incredibly difficult to hack and empty all your coins. A web wallet all you need is a username and password. If you get into the web site it can be extremely easy to find those things. With a bitcoind you can set a lot of parameters both in the bitcoind and OS itself to protect it. I am not going to go into detail because I don't have time to write it all out. If you want to pay me I can it setup and make it very difficult to be hacked.
Not sure what you meant there. If an attacker is able to hack into a server and look at your source code or config files to get the password to your web wallet, why would he or she not be able to get into bitcoind and steal your coins?