Roll your own! It's fun. My site is a custom-made file-based blogging platform written with Python Flask, and it's a joy to use since I made it exactly how I wanted it to be made. One feature that I really enjoy is being able to call source files into the post. This allows me to create/update code snippets extremely easily. Markdown + calling includes on my source files is exactly what I needed to efficiently produce content, so I made it myself.
Sure. I can just open source the site after I remove some private stuff and improve the documentation a bit.
I have a similar site (my old web design partnership vertstudios.com) that already has an open source mirror[0], but it doesn't have source file inclusion or tags like my joequery site.
I just started playing with Hyde as a blog engine, which is a static site generator for Python. So far the only blog posts are about setting it up! http://esd.io/
Flask is very cool too, though, and if you want your sites dynamic, I'd recommend it. I chose Hyde because my eventual goal is speed: I want to see how fast I can get a "real world" page to load.
Of course, security is always an issue. I kept everything as simple as possible to reduce the number of ways an attack could exploit my site. I don't believe it to be any less secure than your standard WordPress site.