Click to enlarge
Interesting question with an insighful answer from the co-founder of WordPress… http://www.quora.com/I-am-powering-a-banks-website-using-WordPress-What-security-measures-should-I-take
Key takeaways for you are to USE STRONG PASSWORDS, and avoid collecting or storing private data inside of WordPress. Fortunately for you, we take care of keeping the underlying hosting environment updated and secure, and regularly perform updates as they are released for the WordPress core and plugins.