Yes. Of course. Most of the problems with Wordpress websites are because of bugs in programs written in PHP. When you no longer serve PHP and are just serving a bunch of HTML/CSS files then there is nothing left to hack. (unless you want to target the webserver [such as Apache, etc.) but 9/10 times it is some sort of an outdated software or just some previously unknown bug in some plugin. Less attack surface, more peace of mind.
Not the GP, but I'm guessing they prefer static sites simply because they are much more difficult to hack or compromise in some way. There's no database to defend from injection attacks, etc.