I couldn't agree more, although I'd argue that there are two things that keep people using WP.
1. The UI. Most people know it, at least a little bit, so it is sold on the fact that it is usable. I'd say this is true in the same sense that Hacker News has a great UI. It's functional, but all its warts are masked by its familiarity.
2. The plugins. I know loads of WordPress developers in 2018 that couldn't tell you what composer is. I don't want to tar everyone with the same brush, but a lot of people choose WP because they don't need to write code, and that comes with its own problems when you want something a bit different to what your favourite plugin offers.
3. One-click installation on most cheap hosting accounts in the world.
The plug-ins could contain ok to vulnerable to malicious to disastrously bad code and could change from one version to another so when you update an OK plug-in you may introduce malware to your site.
I hope to never touch it again.
If I had to start a new website Iād likely use craft or Jekyll+netlify+netlify CMS or forestry