Since Drupal is open-source CMS, we have to wonder about its security. In fact, some of the recent high-profile security breaches, such as the one involving Equifax, were due to a bug in the open-source software that they used. In the case of Equifax, it was Apache. While many people are saying that the significant benefit of open-source software is the transparency, there are still many problems with this.
First of all, most projects are owned by a sole developer, so we do not know how often they inspect the code. Also, even though a community of developers maintains the software, which is the case with Drupal 8, people automatically assume that someone else sees the problem and will fix it.