
Avoid Wordpress and shared hosts. They mention that all the sites hacked were on shared hosts.



Avoid Wordpress...really? I can understand avoiding shared hosts because you have less control of the environment but going to an alternative blogging platform because it is more obscure than Wordpress seems to be a bad approach (and if you go with a vps solution you might have the headaches of maintaining a secure distro). This is like saying "you should use Linux or Mac because Windows gets attacked more".

Any piece of software that is popular (I saw a recent statistic that wordpress powers 10% of the top 1 million sites as ranked by Alexa) will be much more vulnerable to attack than less popular software. At the same time, you get a bigger community and all the goodies that come along with that popularity (more plug-ins, themes, etc...).

I don't think that getting rid of the software is the correct approach in this case. You need to approach it by assuming that your wordpress site will be attacked every day and you need to have a plan to remediate this. There is no perfect security unless you unplug your web server from the internet. For a one blogger site - one simple approach would be to:

1. Run something like open source tripwire (http://sourceforge.net/projects/tripwire/) on a nightly basis so you can get alerted if any wordpress files get changed (HN peoplez: anyone have a better tripwire-ish solution that is free?)

2. Run a nightly backup of your files and db and mail it to an external account (like a gmail account)

3. Have a script that can reload your files and database quickly from your backups (obviously - this needs to be tested)

4. Subscribe to the wordpress security list and to a blog like http://www.wpsecuritylock.com/blog/
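The nightly routine in steps 1 to 3 above, as an added example script that is not code from the thread or from any tool it names (tripwire, AIDE). It assumes a POSIX shell with sha256sum or shasum, awk and tar, a WordPress tree under a path you supply whose file names contain no newlines, and a database dump file produced by the caller (e.g. with mysqldump), since the script itself has no database access; the cron line, paths and mail address in the comments are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread: a tripwire/AIDE-style integrity check
# (step 1), a file+db-dump backup (step 2) and a restore drill (step 3) for a
# one-person WordPress blog. Assumes sha256sum or shasum, POSIX awk and tar.
set -u

# SHA-256 of each argument as "hash  path" lines (GNU coreutils or BSD/macOS tool).
hash_files() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}

# Every regular file under $1, sorted by path, as "hash  ./path" lines.
fim_snapshot() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do hash_files "$f"; done )
}

# Step 1a: record the known-good baseline. fim_init <wp_dir> <baseline_file>
# Re-run this only after a clean install or a deliberate upgrade.
fim_init() { fim_snapshot "$1" > "$2"; }

# Step 1b: compare the tree with the baseline. fim_check <wp_dir> <baseline_file>
# Prints ADDED / MODIFIED / REMOVED lines; returns 1 if anything differs, 0 if not.
fim_check() {
    current=$(mktemp) || return 2
    fim_snapshot "$1" > "$current"
    awk '
        BEGIN { bad = 0 }
        # Each line is 64 hex chars, two spaces, then the path (which may contain spaces).
        { p = substr($0, 67) }
        FILENAME == ARGV[1] { base[p] = $1; next }        # first file: the baseline
        { seen[p] = 1
          if (!(p in base))       { print "ADDED    " p; bad = 1 }
          else if (base[p] != $1) { print "MODIFIED " p; bad = 1 } }
        END { for (p in base) if (!(p in seen)) { print "REMOVED  " p; bad = 1 }
              exit bad }
    ' "$2" "$current"
    rc=$?
    rm -f "$current"
    return $rc
}

# Step 2: one timestamped archive holding the site tree and the database dump.
# backup_site <wp_dir> <db_dump_file> <out_dir>   (prints the archive path)
# The dump is created by the caller, e.g. mysqldump --single-transaction ... > db.sql
backup_site() {
    wp=$1; dump=$2; out="$3/site-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$out" -C "$(dirname "$wp")" "$(basename "$wp")" \
                    -C "$(dirname "$dump")" "$(basename "$dump")" || return 1
    printf '%s\n' "$out"
}

# Step 3: unpack into a scratch directory and prove the archive is usable by
# checking the restored tree against the integrity baseline.
# restore_and_verify <archive> <target_dir> <wp_basename> <baseline_file>
restore_and_verify() {
    tar -xzf "$1" -C "$2" || return 1
    fim_check "$2/$3" "$4"
}

# Dispatch so the same file can be called from cron (placeholder paths/address):
#   15 3 * * *  /usr/local/bin/wpguard.sh fim_check /var/www/wp /var/lib/wpguard/baseline \
#               || printf 'WordPress tree changed\n' | mail -s 'WP integrity alert' you@example.com
case "${1:-}" in
    fim_init|fim_check|backup_site|restore_and_verify) "$@" ;;
esac
```

Two points matter when running this for real: take the baseline from a clean install and keep it (and the nightly archives) somewhere the web server's user cannot write, since whoever can alter the site files can otherwise alter the baseline too; and run the restore drill routinely rather than only after an incident, which is what step 3's "this needs to be tested" is about.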


I agree that Wordpress gets attacked more, and has more vulnerabilities uncovered, because it is popular. Unfortunately, that isn't the only reason. It is the same worst-of-both-worlds combination that WinXP SP 1 was in 2003.


You seriously sure Wordpress is at fault here?

http://wordpress.org/support/topic/396524#post-1506114


Infrequent bugs are a feature: they keep users from having to upgrade their software, which is annoying. That's why I avoid Wordpress.

I've never looked at the WP codebase, but I'm just flabbergasted that a piece of blogging software that's been around this long has so many holes. Anyone who just wants to run a simple blog with minimum hassle on a VPS is terribly ill served by Wordpress.


HN peoplez: anyone have a better tripwire-ish solution that is free?

AIDE - http://sourceforge.net/projects/aide/


Thanks!
