I agree that Wordpress should have saner defaults but it is not impossible to build a fast site with it.
WordPress is over 100 files of code 3mb size, loading on every page, BEFORE plugins.
It's impossible to build an active, non-cached site with it.
I have 100% dynamic php forums running side-by-side with wordpress and they are completely uncached - for WordPress that's impossible at the same load.
This is what I love about PHP devs. Imagine how much effort it was to write that. The author may not have have the chops to refactor that into something elegant, but he wanted it done and was perfectly willing to just do it the hard way and FUCKING SHIP IT, warts and all. Its easy to laugh at code after the fact, but you can't argue that a ton of people aren't finding the author's work valuable.
I find it curious we don't necessarily aspire to quality; and I think we should. I'm not happy just FUCKING SHIPPING IT.
How are end-users supposed to judge whether they just blew an enormous hole in their site, by selecting a plugin from the repo?
Time to reflect upon a classic of the genre:
There is an entire WP ecosystem of people having to judge whether they blew an enormous hole in their sites by selecting one of the zillions of plugins available, why is this one different?
But with web programming, if you're not good at it, but you have the perseverance to bash on code until it's "good enough that it works" (which is admirable, don't get me wrong), there's a very high chance it's got some major holes.
This is a real consideration to me, cause I'm working to teach kids technical computer skills, including programming. If I'd teach them PHP, I'd have to wall off the server, because many of their projects are bound to be full of holes, and we can't take the chance that one of those would affect our organisation's website. It's volunteer-based, so there might not be money to get a separate hosting package. Same if I were to give them all their own WP install, some of the projects are going to be forgotten, and I'm not going to be the one making sure they're all being kept up-to-date and secure for the rest of their lifetime.
And that's a cool article you linked. I already knew it, but for those who don't: it's worth reading, check it out!
Of course, I fall short of offering a solution, because there is none that doesn't imply writing bug-free code (impossible if it's not trivial); spending inordinate amounts of our spare time vetting this code; or otherwise stopping people from learning in the first place. The other one is to tell people not to use these plugins, or to be more careful, but they need to know what's currently'safe' and what isn't.
I just don't like the mindset that 'shipping' code is the be-all and end-all when as masters of our craft (hyperbolic?) we should at least aspire to more than 'good enough' or 'working', even if it's unattainable.