On The Nerdery's blog today there's a new post suggesting that most of the reports of WordPress' insecurity are wrong and they're going to set the record straight.
I have often heard the remark "WordPress is insecure!" My response is "Where did you hear that?" and "When did you hear that?" [...] WordPress core is, in fact, very secure, just as secure as any other Content Management System, just as secure as any other software suite or Operating System. Security issues most often arise from administrators and users. In other words, you are the weakest link.
They suggest that between the high-profile nature of WordPress and the constant (sometimes wrongful) warning being put out there about its security, people perpetuate the message sometimes unknowingly. Besides the human element being the largest risk, they also point out a few others including issues around shared hosting and the availability of easy-to-find tools to exploit flaws. They talk about a brief history of the WP core security and how they define the real security of a product - how quickly it responds to security issues. They also include a few suggestions for you to help harden your own WP installation.