As much as Wordpress gets bad pub, there is certainly the open ways in which security is handled and patches are distributed. Far better in most ways to commercial CMS (and even some open source) where systems seem to run unpatched until a system upgrade or a security incident.
Seriously! It's not even civil dissent, most of it is mean grandstanding.
Wordpress is ubiquitous. There are more technically challenged users than technically inclined. So here are your options - auto updates, or I'm guessing millions of outdated, incredibly vulnerable sites sitting on shared hosting boxes out there. I like my Webfaction account, I'd prefer the other tenants on my server to be as up to date as possible.
Just such unnecessary snark. The guy wrote a blog post. He's being skewered for it.
As much as Wordpress gets bad pub, there is certainly the open ways in which security is handled and patches are distributed. Far better in most ways to commercial CMS (and even some open source) where systems seem to run unpatched until a system upgrade or a security incident.