I have been using WordPress for past 4 years. I do agree you, lots of plugins come without test cases and that opens up security issues.
but I disagree about WordPress core didn't unit tested. they do also they encourage plugin / theme authors to follow the same
make.wordpress.org/core/handbook/testing/automate…
The plugins makes you life easier, we cannot write code each and every functionalities. there are 70k+ plugins from the 1 min staging to incremental backups.
there a plug-in called versionPress its a VCS for WP and also you can do continues deployment with app.buddy.
Most of the WP people use FTP agreed but that's a option, WordPress supports FTPS, and SFTP also.
There are lots people contributing for WP. make.wordpress.org/chat all security issues patches immediately and plugins/themes will be intimated about issues and if they don't release the patch then that will be removed from the repo.
And it doesn't require any coding knowledge to have your own blog, Need to backup, stage, clone, put maintenance mode, VCS, easy theme customization....? There are plugins for everything.
You take any software it has some disadvantages, that doesn't mean that we SHOULD NOT USE them.
27% sites are running on WordPress.