by pdimitar 2025 days ago
And this has led to countless SQL injection vulnerabilities, some of which WordPress in particular is still fighting with (in community extensions, not in their core) to this day.

"Trivial to connect to a database" isn't a selling point. It is a liability when put in the hands of inexperienced programmers.


People really need to be taught about prepared statements. I once worked on a code base (mainly PHP and Java, with a bit of Perl here and there) where someone had built their own SQL parameter escaping. It still didn't work some percentage of the time.
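An added illustration of the point made in the reply above (example code written for this page, not from the thread; Python's sqlite3 stands in for the PHP/Java code the commenter describes): a home-grown quote escaper behaves correctly at a quoted call site and is silently bypassed at an unquoted numeric one, while the bound parameter is safe at both.

```python
import sqlite3


def make_db():
    # Constructed sample data, in-memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "O'Brien", "user")])
    return conn


def naive_escape(value: str) -> str:
    # Hand-rolled "escaping" of the kind the reply describes: it only doubles
    # single quotes, so it only has an effect inside a quoted string literal.
    return value.replace("'", "''")


def by_name_concat(conn, name: str):
    # Concatenation with the hand-rolled escaper in a quoted context.
    sql = "SELECT name FROM users WHERE name = '" + naive_escape(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def by_id_concat(conn, user_id: str):
    # The same escaper reused in an unquoted numeric context. Input with no
    # quote character passes through unchanged and is parsed as SQL.
    sql = "SELECT name FROM users WHERE id = " + naive_escape(user_id)
    return sorted(row[0] for row in conn.execute(sql))


def by_name_prepared(conn, name: str):
    # Prepared statement: the value is bound by the driver, never parsed as SQL.
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]


def by_id_prepared(conn, user_id):
    # Binding works the same way regardless of the column type at the call site.
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE id = ?", (user_id,))]
```

The escaper is the same function in both concatenating queries; only the context around the interpolated value differs, which is exactly the kind of inconsistency that makes such code fail "some percentage of the time".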