I was hesitant to start developing in Wordpress because of all of the bad press it has gotten over the years regarding security issues. But as our business grew, more and more people came to us with existing Wordpress websites and it became clear that many small businesses use the platform and they wanted us to continue working on their existing sites, not starting from scratch.
We reluctantly began creating all of our sites in Wordpress, but we are very cautious about which plugins we put in a site. If a client comes to us and wants bells and whistles that do not add any value to the site we warn them of the security problems involved with adding 3rd party stuff. If they persist in wanting all of the stuff that requires numerous add-ons, we generally wish them well and move on.
We generally have no more then three plugins per install, and they are all time tested ones with thousands of downloads and lots of reviews.
Any site can be hacked, you just have to prepare for the worst and make regular backups.