WordPress is indeed one of the better systems written in PHP. And what happens? Several sloppy programming practices are found in it. Yes, I know, this happens in other languages too. The point is that the WordPress programmers are relatively well qualified and relatively careful in their work, and yet such problems occur. Among other things, this is because in PHP the sources lie within the server root, so files that are actually only used internally are accessible via HTTP. And because PHP solutions do not inherently perform input validation and proper text quoting. No, sorry, but I simply do not like such a mess.
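
An added example, not part of the original post: a small Python audit for the first point above, listing PHP files under a document root that are not declared entry points and lack a direct-request guard. The guard idiom, the file names and the `APP_ENTRY` constant are assumptions of this example, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed guard idiom: the file exits unless a constant set by the entry point exists,
# e.g. "if (!defined('APP_ENTRY')) { exit; }" or "defined('APP_ENTRY') || die();".
GUARD = re.compile(
    r"""defined\s*\(\s*['"]\w+['"]\s*\)\s*(?:\)\s*\{?|\|\||\bor\b)\s*(?:exit|die)\b""",
    re.IGNORECASE,
)

def is_guarded(php_source: str) -> bool:
    """True if the guard appears near the top, before the file can do real work."""
    return GUARD.search(php_source[:1024]) is not None

def audit_docroot(docroot, entry_points):
    """Return internal .php files under docroot that a direct HTTP request would run."""
    root = Path(docroot)
    exposed = []
    for path in root.rglob("*.php"):
        rel = path.relative_to(root).as_posix()
        if rel in entry_points:
            continue  # meant to be requested directly
        if not is_guarded(path.read_text(encoding="utf-8", errors="replace")):
            exposed.append(rel)
    return sorted(exposed)

# Constructed sample tree (hypothetical file names and constant).
SAMPLE = {
    "index.php": "<?php define('APP_ENTRY', 1); require 'includes/db.php';",
    "includes/db.php": "<?php\nif (!defined('APP_ENTRY')) { exit; }\n$db = connect();",
    "includes/config.php": "<?php defined('APP_ENTRY') || die();\n$secret = 'x';",
    "includes/helpers.php": "<?php\nrun_maintenance($_GET['task']);",
    "lib/legacy.inc.php": "<?php\necho $_GET['msg'];",
}

def demo():
    """Write the sample tree to a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, source in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(source, encoding="utf-8")
        return audit_docroot(tmp, entry_points={"index.php"})

if __name__ == "__main__":
    for rel in demo():
        print("reachable without guard:", rel)
```

Moving such files outside the document root removes the exposure without relying on a guard in every file.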