Let me make a clarification of what I was posting about Open Source. I was referring to a specific site that I had first hand knowledge about. I guess I should have posted my comment with the quote from MrGamm.

The site used Joomla. It was defaced and it took a considerable amount of resources to get it rebuilt close to a month later. The person was informed prior to consider the software carefully before deploying his business using it.

I used phpBB for a while, it was defaced 3 times. I took it down.

The point was made more clearly by MrGamm.

I think, and it's only my opinion that most sites that are created by some of the "Open Source" options, are done so by the webmaster / programmer as a solution for a site. This being done without any additional follow-up for security patches. The owner of the site would rarely be involved, just as they are rarely involved in a common simple HTML site. So then the question is, does the programmer building with the "Open Source" option, recognize the security issues and actually know what to do about them.

If the structure of the site is given away to all that want it, surely the ones that would want to screw up the site would also have access. It's not about being free or proprietary, or which operating system is best.

Perhaps I'm wrong about this to those that actually use "Open Source" programming, I was posting only about my experiences using it. Anyway, It's an interesting thread..