With a known script, there are more targeted exploits, but also more patches…
I have some custom made scripts, that nowadays I’m even afraid of using them, because I don’t know if they are secure or not.
It’s not hard to get PHP it self secure. The structure of the code is important (think classes). Founding exploit in your own classes or functions, that is well commented and well structured, isen’t hard in PHP. PHP 4.x even fixes SQL injection for you (default config that is)! I’m just happy that I can use PHP now days, instead of C.
For CMS use, I recommand using SSL + htacces. You won’t need anymore security then that, and I’m yet to see any of the common CMSs that has better.
Another reason to use your own CMS is that you can customize it to be exactly as you want it to be. For Bonus Money, for example, I have everything in the CMS. SE backlink checker, SE rankings, backlink checkar for all the link exchange sites… Any normally skilled PHP coder can achieve this in a very short time, and I recommand it warmly.