The security issues are largely due to it being relatively young code. In addition, it creates an entirely separate set of interfaces to interact with the site and database. This is a huge security concern. I actually work for information security (specifically application security analysis). Adding this software creates a very large surface area for attack, with a lot of ways to possibly find a hole. ALL software has holes/bugs. Complex web-based applications are the biggest risk.
In general, I simply don't see the demand being high enough to outweigh the risks. While it might be a great idea and convenient for some, it's not necessary. It creates another complex piece of code that I will have to regularly maintain. And it adds risk to the site and server. I keep the server extremely secure (as you can expect from a security professional) and have actually had a couple people even perform penetration testing on it to verify.