Re: If you care about security
@Crazy Operations Guy
I think Wordpress is pretty good...I've only ever had one hacked; and that was a disgruntled ex-employee (nobody told me was fired) that had a password. There are regular and fast security updates; and updating just involves pressing the "do it" button. You have to watch out for how well the plugins are being maintained; and also a bit of tweakery in the setup stage is a good idea; but on the whole it's pretty good to date. You can even order it to keep itself updated (if you just *know* you're turning it over to someone who will never, ever do it for themselves)...not an ideal solution; but hopefully the client will get bored of it and get it redesigned before it gets done over...it extends the life of an unattended install.
Compare that to Drupal (and most other CMSs) where updates are infrequent and you have to take the thing to bits to update it; which doesn't encourage fast patching because it takes longer and is a pain in the helmet.
Straight HTML is best if you're just displaying static info; but then the client needs to hire someone in to change anything.
If you want the site to do anything; or if the user wants to be able to edit/add content themselves; there aren't many options that will touch Wordpress ***provided it's kept up to date***.
In this particular case; it must have been a fairly fucked-up setup where compromising a website would allow you to get at the mailserver.
Biting the hand that feeds IT
