What are some specific oversights that you have seen with just WP?

What issues could be avoided by using a hosted wordpress service?

My experience is with Pressable, so sorry if I'm assuming WPEngine is the same, but I can knock these off easily by using Pressable:

#2 - Default admin. I was given a secure admin password

#4 - Backups

#9 - Caching, and really that's an understatement.

#11 - Ignoring updates

#16 - Not using CDN

That's awesome I will have to start recommending that.

Thanks for the tip.

I agree when will wordpress acknowledge this and make a change to the default username