There are right ways and wrong ways to deploy WP correctly/securely and the right ways require an advanced knowledge of secure object oriented PHP, javascript, and of course html if you want to dip your quill into the rich media pot. Otherwise you're stuck with using 3rd party wordpress plugins/extensions/themes and thats where 99% of the balls end up being shown.
But yeah drupal is certainly a more mature solution but again, it has a much steeper learning curve.