It doesn't need simplification; it simply needs a security code review before being released. Someone with a security background needs to check the code at all access points for vulnerabilities.
However, that would only secure WordPress, which still leaves all the plug-ins and themes that need the same kind of testing; otherwise you're still leaving it wide open.
What the heck, it's free, you get what you pay for! ;)