Hacker News
by kiesel 2603 days ago
> A comprehensively secure automatic update system would have process isolation between the normal web interface and the updater (and the latter would run as a different, more privileged user). However, not everyone can do that. (Shared hosting, etc.)

That's right, and I also think the popularity stems from the simplicity and the fact that it existed when the whole blog thing took off.

There's actually the option to provide your FTP credentials in the admin console and have WordPress update itself over an FTP connection. It is process separation, then, but OTOH potentially exposes your webspace credentials to an attacker. :-)