old_expat - 5:29 am on Dec 28, 2010 (gmt 0)
My main site has been sort of cobbled together over a period of 10 years and has progressed from simply coded .htm pages to .php with SSI for menus and ad management. Granted, I have LOTS of include files, ie.; headers, footers, main menus (one for each section), section menus, sub menus .. even SSI files that serve Google ads .. different for each section and different locations on a page.
I also have a couple of small databases for very specific content snippets.
The site has reached 700 or so pages, much of it evergreen. The only security issue I ever had was when I tried to use WordPress on another site on my VPS. A hacker published some WP specific malware that compromised tens of thousands of WP sites. It was a nightmare, iframes inserted in every HTML page, including the HTML pages in Apache.
After that I decided that if I couldn't do something without using a CMS, I wouldn't do it.