HTML is secure because it does not need any database to operate correctly. The only problem is html means written hard coded pages which can be a nightmare.
Another con against HTML it usually doesnt look very good, unless its a web developer working on it, which in turn still takes hours and hours.

I dont think there is such a thing as a secure CMS. I honestly do not see an easy way out of this problem.

I would offer my time, but sadly I already do too many "online" things. Running two online businesses plus a military career takes up my entire time.