No matter how you’re involved in WordPress: When Tony Perez writes about WordPress security, you should probably make sure to read it. Especially if the title of that post is 5 Challenges Plaguing The WordPress Security EcoSystem. I won’t cover all of his points, but the biggest challenge that he mentioned probably isn’t a surprise.
As a community, we have enabled a mindset of indifference amongst WordPress users. The process has been oversimplified and there has been an overemphasis on ease of use. While these things are innate in WordPress itself, they are also part of the problem.
I would tend to agree based on my own experiences that website owners factor a lot into security, more so probably than anything technical.