I'm chiming in a little late for the initial discussion but....
I've been steering clear of WP since last Spring when someone used a WP exploit and stole personal info/crashed sites I was managing on Media Temple's servers (and most likely other server farms as well). Fortunately, the ID theft only applied to WP sites and I was setting up Drupal sites so they were safe. Unfortunatly, the server crash effected all accounts on the shared servers that housed WP sites.. so my sites went dark until the MT guys straighted it out. Needless to say, it was a royal pain and caused my non-technical client to start the "what did you do to my sites" finger pointing.
Result, I'm sticking with Drupal...the CMS, particularly with the recent 7.0 release, is extremely robust and flexible. The Drupal community (module builders) seem to take security seriously as well and have nice configurable features built in to curb SQL injection attacks and whatnot. Pilot error not withstanding.