Also, WordPress could help the situation by not being in a constant state of suck.
WordPress, Drupal and Joomla should be the poster boys of the free software revolution. They do real work for real people and they do it better than software for tens of thousands of dollars does. So why do they have to be so dreadfully riddled with security problems?
Part of the problem is PHP. I've had the misfortune of using the common web mail frontends in the language and they've all had critical holes in them as well. So why do so few other languages, with the exception of Perl, which has some excellent blogging and mailing software, reach the critical mass of developers?
Is the situation beyond repair? Will it plague the web forever?