Indeed. Staff at the hosting service I use for professional purposes have always been very down on WP. My understanding from our various conversations is that for any systems where they were providing some sort of managed security service, it was a time sink to keep everything up to date. For any shared hosting systems where they weren't also managing the security, there would be frequent compromises and then that would get things blacklisted, so potentially other customers using the same shared resources could be negatively affected in at least two different ways. They don't seem to have become noticeably more positive about any of this in recent times despite the arguments about WP security being better these days, which suggests that there is still enough of a problem to be concerned about.