IMO, the only reason that you gave that holds water here is that it requires dynamic hosting and that the resulting operational complexity just isn't worth it for a personal blog. Having to add caching plugins/config for a PHP CMS isn't out of the ordinary, being written in PHP is not in itself a negative point (modern PHP really doesn't suck).
I will never, ever, ever advocate for running Wordpress for much of anything, but I would also argue that any nontrivial piece of software has a fair number of security issues and that Wordpress vulnerabilities are particularly visible because of how widely used it is and the public-facing nature of the software.
I will never, ever, ever advocate for running Wordpress for much of anything, but I would also argue that any nontrivial piece of software has a fair number of security issues and that Wordpress vulnerabilities are particularly visible because of how widely used it is and the public-facing nature of the software.