by astrowilliam 4691 days ago
How secure is this platform compared to say something like Wordpress?
2 comments

With WordPress, there's always the possibility of your blog being hacked, because it executes queries and there's always the chance for bugs to exist somewhere in the huge ocean of code. On the other hand, with static blog generators (like specter, octopress, pelican, etc.) your generated blog will be static HTML and, as far as I know, there's no way you can really question HTML's security, simply because security doesn't apply to it. You cannot attack HTML because it doesn't run queries or anything; it's just static data being pulled from the server and displayed by the browser. So, in the end, the security goes back to your host and how well the machines are configured (when you're using shared hosts).
Do you lose functionality without queries? I'm assuming static means there is less interactivity, like commenting.
Compared to WordPress, you definitely do; but think about it, there's lots of stuff in WordPress that a blogger doesn't need. WordPress is not just a blogging platform [anymore]. However, on the other hand, by using static sites you're entering a whole new level of security. But don't fear, for commenting, there's Disqus which is pretty good, and I think it's built into specter as well! Even if not so, adding it is just copying and pasting a couple of lines of code :)
Nah, just use Disqus for your comments. Octopress includes this by default, probably others as well.

I've been using static blogging for about a year now, and it's great. Fast, simple, I miss nothing from Blogger or Posterous (don't know about WordPress, never used it), and all your content is stored in your own GitHub repository.

Commenting is a pretty big part of the blogging community. I'd hope it would be included in any blogging platform. But then again there are outside sources like disqus for comments so you can bolt that onto your posts if you feel inclined.
Static engines:

* Do one thing _well_ (i.e. blog)
* Fewer lines of code, which means:
  * Easier to maintain
  * Easier to read
  * Easier to customize using small chunks of raw code

Dynamic engines:

* Do many things (i.e. having multiple authors, multiple formats, visual editors, plugins, etc.)
* Many more (as in x^5) lines of code, which means:
  * Harder to maintain
  * Easier to use for _non programmers_
  * Easy to customize SOME things (apply a theme), HARD to customize the whole thing properly (you need to read huge chunks of code that might break if you change them)

The above reasons make WordPress pretty much insecure compared to a static website (i.e. a Jekyll engine like Octopress). Of course you could have a bloated WordPress website where all its plugins are reviewed and secure, while you could have a static website that's running buggy JavaScript which reveals your IP to the NSA (random example pick), but the % chance of having a bug in a bigger (in terms of lines of code) app is way higher.
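The residual risk the thread keeps coming back to is not the HTML itself but what a static page still executes or submits: embedded third-party scripts (a Disqus-style comment widget), inline scripts, and forms that post to some backend. As an added example that is not from this thread or from any of the generators it names, the following Python script inventories those elements in a generated page; the sample HTML and its URLs are constructed placeholders.

```python
from html.parser import HTMLParser
from typing import Dict, List

# Constructed sample of what a static generator might emit, including a
# comment-widget embed. The hostnames are placeholders, not real services.
SAMPLE_HTML = """<html><head><title>post</title>
<script src="https://cdn.example-comments.invalid/embed.js"></script>
<script src="/js/site.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head><body>
<h1>Hello</h1>
<script>var page = {title: "Hello"};</script>
<form action="/search" method="get"><input name="q"></form>
</body></html>"""


class SurfaceInventory(HTMLParser):
    """Collect the parts of a static page that still run code or send requests."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Dict[str, str]] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute values may be None for bare attributes
        if tag == "script":
            if "src" in a:
                src = a["src"] or ""
                kind = "external-script"
                # Cross-origin script without Subresource Integrity: the page
                # trusts whatever that host serves, now and in the future.
                if src.startswith(("http://", "https://", "//")) and "integrity" not in a:
                    kind = "external-script-no-sri"
                self.findings.append({"kind": kind, "where": src})
            else:
                self.findings.append({"kind": "inline-script", "where": f"line {self.getpos()[0]}"})
        elif tag == "form":
            # A form means some server-side handler still exists somewhere.
            self.findings.append({"kind": "form", "where": a.get("action") or ""})


def inventory(html: str) -> List[Dict[str, str]]:
    parser = SurfaceInventory()
    parser.feed(html)
    return parser.findings


def summarize(html: str) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for finding in inventory(html):
        counts[finding["kind"]] = counts.get(finding["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for finding in inventory(SAMPLE_HTML):
        print(f"{finding['kind']:24} {finding['where']}")
```

Run it over the generator's output directory to see how much of the site's security still depends on hosts other than your own.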