The main reason people use Wordpress is because it has all those themes and plugins. If you limit yourself to just the Wordpress and a handful of plugins and themes you know are well coded then you cannot use it for a lot of the sites it is used for.
The Windows excuse. The number of attacks and vulnerabilities found seems disproportionate to even taking wide use into account. In any case, why use something you know will be a target?
Point 1: This depends on the intended use and purpose of the Wordpress software. You might be shocked to hear that Wordpress was originally built to be a Blogging platform. It simply has pretty good CMS features as well included (as well as the admin panel being really straight forward). Additional plugins and themes simply modify these experiences to whichever specific need you have. However, there are different software available for different purposes. I don't think you understand that InfoSec is very very behind actual development right now, so there's no 100% guaranteed no vulnerability software available. However, you can minimize this by taking proper actions, such as updating all software regularly and setting up proper permissions. This would include using a piece of software for it's intended purpose, not as a bloated CMS + Podcast + RSS Feed Aggregate + Theme with 200 sliders and a dynamic widget importing facebook likes.
There's nothing wrong with Wordpress being so popular because of their numerous themes and plugins, however with popularity (and having such a large ecosystem) comes with more developers and designers wanting to cash in/develop within that ecosystem. This means high possibility of poorly coded themes/plugins. Simply all I'm saying is use the software for what its intended for. If you have other needs, look into an alternative or maybe look in-depth at what you're installing. If you're still willing to take the risk then go for it. However, all i was stating before was that Wordpress the software itself is fine and isn't like Swiss cheese. It's the plugins and the themes that are usually vulnerable.
Point 2: I don't see why you'd call it a Windows excuse. It's not an excuse for anything. It's not trying to prove anything. Simply state that because it has such a large deployment, those who want to exploit it have the advantage of "reusing" their code to try and hit multiple deployments at once. It's simply common sense. Fish in a bigger pool with more fish.
The bottom line is this. In a theoretical perfect world, everything would be properly maintained, software would be coded with the highest standards to minimize potential security vulnerabilities and maximize efficiency. However, in the real world this isn't very true. There is no single "most optimized" method in anything. Even in science and engineering, no single model is correct and each have different strength and weaknesses. The way the Linux is working right now, it's not very simple and straight forward. It's not very user friendly. I mean it's gotten much much better, but it's not the most user friendly operating system that someone who isn't a power user would have an easy time working on. Windows and Mac are considered easier to use and work on, especially since more people are familiar with them as well as having more resources available.
There's no commonly accepted standard. There has been initiatives to adopt a common standard, however if one person doesn't adopt then that's that. The ability to communicate between a Windows environment and a Linux environment isn't that easy and very frequently requires a complex setup to do it properly. For example, Microsoft Word uses docx standardized filetype for their word documents whereas OpenOffice/LibreOffice use odt. odt is an open standard as well as docx being another open standard. However, both software operate within a different ecosystem and (in the end) "convert" each file format to be readable in their native system. If all the systems worked within the same standard, then it would be fine. However, the effects of this means different end user experience (another example could be the different web browsers using different rendering engines).
Geeze I use the word however a ton. In the end, the reason I use Windows is simply because my workplace uses and using files information between each operating system doesn't 100% work properly. Windows by itself is a very stable and a good operating system. Similar to Linux, the largest vulnerability is usually the end user being a total idiot and not knowing what they're doing. Just like what I said about Wordpress, you can't blame the software for being "bad" and "vulnerable" if it's usually the decision making of the end user that opens it up to such vulnerabilities.
tldr: Wordpress is coded fine. It's usually the end user (decision maker) that install vulnerable themes and plugins that sucks. Just like how Windows is coded fine. It's usually the end user (the decision maker) that install vulnerable software and go to questionable websites that sucks. Don't blame the software for a person's stupidity.
