Just out of curiosity but what difference does it make whether or not WordPress (or any other similar content management system such as Joomla or Drupal) is used as the front-end? If the back-end which does the actual processing of payments is coded securely and operates independently of WordPress (which I understand wasn't the case here), does the fact that a site uses WordPress as its CMS still pose a security risk?
As for Wordpress, I would demand an official response from them, but that would not happen since they would be exposed to a lawsuit..
WordPress was designed to be a blogging platform, not a Bitcoin exchange. And their terms of use explicitly state that they can't be held liable for situations like these.
That's what they always do, they either say it was an inside job and there was an ex employee who did it and since that story was getting old and boring they're now coming up with newer excuses so nobody blames them. Now it's wordpress, somewhere down the line they're gonna say it's the hosting company etc etc.
The fact is people should just stop trusting sites just because they say they're secure and they have a pretty looking site. They will keep making new ones and keep coming back unless something is done about this.
Bter already said they were hacked by someone who gained access to the hosting company. I think Bitstamp might have done the same thing. Personally, the tone of the announcement posted by the site's owner suggests to me IMO the explanation is genuine. The decision to use WordPress seems to have been the main problem.