So instead they point the domain at Medium and any XSS attack on Medium can steal their customer accounts.
I highly doubt either WordPress or Medium are susceptible to an XSS attack, but if I had to bet on one being safer I would bet on the open source software already used to power thousands of high profile websites.
I highly doubt either WordPress or Medium are susceptible to an XSS attack, but if I had to bet on one being safer I would bet on the open source software already used to power thousands of high profile websites.