The real problem is that, as with any other product, there are few people who understand Apache inside out (and they can protect themselves) but there also those who are using the technology but do not have the luxury of learning everything there is about it (and there are many legitimate reasons for that).
- Hardening WordPress
- How to protect wp-admin directory using htaccess
- http://blogsecurity.net/wordpress/article-210607/
- ModSecurity Blog