Wordpress is like Apache or Sendmail. A 500-headed monster. It's simple enough to use and does everything. It's also sloppy and overgrown. Most people don't need all the extra stuff it does. Certainly not at the expense of security.
Apache => Nginx
Sendmail => Postfix
Wordpress => _______
That is room for an enterprising open source developer.
"It's also sloppy and overgrown. Most people don't need all the extra stuff it does. Certainly not at the expense of security."
The problem is that everyone needs a different 20% customized. This is what Joel Spolsky basically argues in Bloatware and the 80/20 Myth: http://joelonsoftware.com/articles/fog0000000020.html . He's talking about desktop software, but you can see the same essential thing in blogging software; I'm using Wordpress for Grant Writing Confidential at http://blog.seliger.com chiefly because it has everything I want and is easy to use.
The extra stuff I use includes themes and a couple of plugins, like one for generating an XML sitemap and another for caching. I know that blogging platform X probably has the particular set of features I need -- until I find something that it can't do.
I don't trust Sendmail but there's an emotional component to that; I would have laughed at you for using it in 1999, but I think 2 decades of analysis has to produce some result.
There's something more going on with Wordpress than simple complexity.
It's had its fair share of problems. Mostly in the past at this point though. It is heavily bloated and overgrown compared with something lean and mean like nginx.
Even if Wordpress didn't have security issues there'd be room for an nginx of blogging.