If I was building a website myself so that I could sell products through it then off the self, selling product is what pays the bills.
If I was engaged by the site owner to build it then I would tend towards a shopping cart but would depend on the precise requirements. I would take care to point out the limitations of any carts recommended and the cost and risk of a bespoke solution.
Context is the key. For a 1-5 products-rarely-changed site, you don't need the overhead of a huge cart with features you'll never use. It's is demanding on resources and file space (most of them are huge) and likely to be slow(er), especially on shared hosting. Any more than that, or frequently changing products requiring modification by the site owner on a regular basis, use an existing solution.
Temper that with budget and experience - if #1, do you have the skills to write a secure script? If the answer is no, or "I can do anything even if it takes me forever to figure it out," there are lightweight solutions you can implement without re-inventing the wheel. Shopify is one good example for a few simple products, but it's a hosted solution.
You could do a hybrid site if by using a service that handles the cart and purchase process for you. Then you could design/build the catalog portion yourself using and hook into their service. This way the security issues including PCI compliance would be out of your hands.
I think for online businesses the security aspect should be prioritised; if I were to move on to selling directly, I would have to deal with customer data on things like payments (e.g. credit card details). I would not want to do that myself unless I was a very skilled programmer; it might get you into severe liability issues if things go wrong.