also, modern WP and WP from 10 years ago are very different beasts. Now most of the risk is in plugins, and if you're careful about plugins - it all works okay, without security issues.
I've been deploying WordPress for 10+ years and would agree. WordPress is much safer and mature, it's the plugins and sometimes the themes that are the problem now. But we monitor, and patch. No big deal.
