Can't remember where I read it, but someone put it best during the DAO fiasco last year when they wrote "Imagine Javascript but your bank account accessible through the Document Object Model."
Even that's only scratching the surface of how awful Solidity is. An example of a minor security detail straight from the documentation is this:
for(var i=0; i<arr.length; ++i) {
Solidity is a "statically typed language" with "type inference". In most of these, you'd expect i to be typed as whatever the type of arr.length is, but Solidity does not care: it sees `var i = 0`, 0 fits into a uint8, so a uint8 i is. It'll get promoted during the comparison, and if arr has more than 255 elements it'll overflow and the loop is infinite.
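The loop described above next to a version with an explicitly typed counter, as an added example that is not part of the original comment or of the Solidity documentation. The contract and function names are hypothetical, and it assumes a 0.4.x compiler, where `var` is still accepted and integer arithmetic wraps silently.

```solidity
pragma solidity ^0.4.24;

// Added example; LoopCounterDemo, fill, sumInferred and sumExplicit are
// hypothetical names chosen for illustration.
contract LoopCounterDemo {
    uint256[] public arr;

    // Grow the array so the two loops below can be compared.
    // Large n needs several calls to stay under the block gas limit.
    function fill(uint256 n) public {
        for (uint256 k = 0; k < n; ++k) {
            arr.push(k);
        }
    }

    // Pattern from the comment: `var i = 0` is inferred as uint8.
    // Once arr.length > 255, i wraps from 255 back to 0, the condition
    // `i < arr.length` stays true, and the call only stops when it
    // runs out of gas.
    function sumInferred() public view returns (uint256 total) {
        for (var i = 0; i < arr.length; ++i) {
            total += arr[i];
        }
    }

    // Counter declared with the same type as arr.length, so it can reach
    // the loop bound and the loop terminates for any array length.
    function sumExplicit() public view returns (uint256 total) {
        for (uint256 i = 0; i < arr.length; ++i) {
            total += arr[i];
        }
    }
}
```

With 255 or fewer elements both functions return the same sum; with 256 or more, only `sumExplicit` returns.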