Re: Backend in JS!?
Joomla is a great example of why popularity doesn't matter in this debate: it accounts for about 0.5% of CMS websites, but is 1-2% of the hacked ones, showing really poor design and security.
The last couple of JS library issues were both included in standard WordPress installs, and you could attack them using buffer overflow attacks to then execute script commands. I'm unsure if the other reply to this response would have stopped that, as it would be executing inside the library server-side.
My big point was that a LOT of JS frameworks and CMSs include insecure libraries to do trivial things that are obsolete, such as the padleft library for WordPress, which compromised 350+ million websites.
Particularly since padleft can be done natively in JS and has been available for some time.