WordPress is a great piece of software supported by a large open source community. It is quick to deploy, easy to configure, and easy to use. When it comes to simple content management, WordPress is the way to go. However, some of us have had the unfortunate experience of having our WordPress site hacked or defaced.
mysql_real_escape_string() should always be used on data being placed into your SQL database.
If you plan on building a PHP application, you'll probably end up using cookies, especially if there are user accounts. Cookies will allow you to store specific data for a certain amount of time.