No, this is why you use a framework. A good framework enables best practices with minimal overhead. Even a framework may be overkill because there are tons of websites that are extremely simple in nature, and maybe only need a dab of PHP here or there to add the necessary dynamic elements.
Drupal is (now) just as much a framework as it is a CMS.
# Drupal starts you off with huge overhead. You will be running tons of code you aren't using from the get-go. You're basically starting off with quite a low ceiling.
Not quite. the core modules are getting more and more efficient, cutting out everything that isn't basic content and framework code. It isn't CakePHP or Rails yet, but its still quite small.
You will be sacrificing design for ease of development.
False. With zen theme and drupal documentation, you have FULL CONTROL over every aspect of your website. With drupal 6, it gets even easier with Theme developer. My friend just started using drupal a month ago, with limited PHP and Zero drupal experience. He just finished up his gf's page: http://thelovebugdj.com/
Drupal makes it hard to optimize your database usage.
True, that is a tradeoff with -ANY- framework by default. However if you have the need for further database optimization, there are many documented ways to make drupal perform well. Instead of spending the budget on building a site from scratch, instead you can dedicate a portion of it in optimizing it. Remember, Popsci.com, MTV.uk, SonyBMG all run drupal.
Drupal requires an expert to really make it sing.
Depends on the size of the site. A small one as shown above doesn't require an expert, just some nights looking at documentation; which by the way, thanks to Lullabot, pingvision, Acquia, and others, drupal has some of the best documentation around.
However, for bigger sites, you're already going to need experts to get it to do what you want. In the context of E-commerce, I'm CERTAIN you will have a more complete system, built in less time, if you go with drupal rather than building an ecommerce system in Rails. Sure, there will be features that a client will need, and will need to be added to the quote, but you'll be leaps and bounds further from the get-go than if you use a basic framework or build from scratch.
SQL injection, user login, search functionality, XSS, XSRF, user input verification, all are things that are annoying and need to be taken care of. I'd rather have a tested system with a workable upgrade path and spend my time working on the content I need to build the app.
Drupal used to be hard to upgrade, but these issues have largely been resolved in 5 and 6. If you haven't seriously worked with drupal since 5 came out, take a second look at drupal, its community, and evolving modules. Its quite impressive.