Can't answer your question about security, but here are my observations. Both programs and great, but I'd say Joomla is a more mature CMS while WordPress is a GREAT blog that has been "stretched" into a CMS, meaning that rather than rewrite wordpress as a full blown CMS, it's been modified to make it accomodate more and more CMS functions.
As a result, both apps will more or less do the same thing. However, wordpress requires what I call hacks to that require adding code to several files just to add "sidebars" to an area outside the normal sidebar area or the add a second menu.
The sidebars are a perfect example of wordpress stretching. Rather than change wordpress so it can have positions in a template where you can add things like menus, custom html code blocks, login, search, etc, they modified sidebar so you can have more than one and it can go in multiple places, but it's still called "sidebar" even though it may be in the footer or the header or anywhere.
Joomla, on the other hand, makes it very simple to add positions to a template and then you can add calendars, logins, search boxes, custom html code, etc.
Here are a few more things that keep me from using WordPress for anything other than a blog:
#1: The editor in wordpress sucks and it strips out html code. Joomla's JCE content editor extension is years ahead of the WP editor.
2: When you add a custom html widget in WP, there is NO wysiwyg editor. WTF?
3. Image management: wordpress does not allow you to create a folder structure to organize your images. Instead, you have no control. As a result, when you are looking for an exisiting image, you're screwed unless you can remember the name of it. You have to browse through all images. Same with all media.
3. WordPress does not let you store your articles in categories. Only posts can be stored in categories. If you have 100s of articles, it's a real pain finding them in wordpress. Same for linking to articles. A big pain since there is no organization to it. You have to wade through all of them or search. In Joomla, you can filter them by category.
4. Adding menus in wordpress is a pain. You have to write code to include it. In Joomla, you simply create a new menu, add items to it, and then create and publish a menu module to any position in your template.
5. Since wordpress is still a long way from being a full-blown CMS, it seems that almost EVERYTHING you want to do other than blog requires searching for and installing plugins. Don't get me wrong, the plugin system is great. But a LOT of the things that require a plugin should be part of the core.
6. Wordpress does not have a permission system that allows different users different access to the program. Joomla 1.6 introduced native functions to do this.
7. WordPress has no front end editor, and I find the word around for it a big pain. All it is is a menu system that takes you back to the admin.
On the other hand...
1. Joomla has no built in comment system so you can turn a cateogry into a blog. Yes, there are many Joomla extensions (think WordPress plugins) that can create a blog in Joomla or add ability for a comment system.
2. Joomla is probably more difficult to learn from a developer standpoint, but that's also what makes it more powerful.
3. Wordpress is easier to maintain because their plugin system updates are easier to manage. Joomla 1.7 added updates so you can now update Joomla and some extensions through the update extension function, but it's not as easy as wordpress. What's more, wordpress allows you to seach for and install plugins right from the wordpress admin screen. A very nice feature. With Joomla, you have to search the entensions directory (on the joomla.org site) for the extension, then download it to your machine, and then install it in Joomla. This is not a problem for me, but if you have someone with limited experience, it might be a problem.
Joomla Website Design / CS-Cart Website Designhttp://writenowdesign.com