Let me take a step backwards for a second and explain my situation. I've been developing for the web for many years now and I've seen technology come and go, but I've never seen an idea of an open-source web portal take such a strong hold as Joomla! has. PHPNuke was close, but even then you rarely randomly stumbled upon a Nuke site every second search. However, unlike Nuke, Joomla seems to have taken over like a bad storm.
I still have some websites lingering around that use Joomla, but I am very much dissociated from that CMS, in fact any CMS nowadays. I find the issues that these systems bring to the table far outweigh any little added productivity that a small group can sustain. There are teams of script kiddies from Asia and elsewhere scouring online websites for these systems to prove just how easy they are to hack into. If you have an online database with confidential client information, you are in trouble.
The largest website I manage is my own, and it ran Joomla for 2 years while I was working on my MSc degree. I had to deal with repeated attempts by hackers to break into this website. It was very frustrating, after scouring logs on my Linux server, to find out that they came in through one of the "secured" CMSs. SQL injections, cross-site scripting hacks, upload/media vulnerabilities, you pretty much name it; that so-called secure web server had one big gaping hole in it, and that was Joomla.
I peruse Joomlancers sometimes when looking for some spare cash (freelancing site dedicated to Joomla) and try to encourage local North American companies to ditch this disaster of a CMS. Not only do you have to deal with bugs and exploits at the core, but when people load up this CMS with extensions that are mostly all crap (even Community Builder can't seem to get it right), you put together a nice-looking template (like this guy with his book from Drupal suggests) and then put it out there for the "Mad Dogs of Vietnam" to hack into and make your online reputation look like shit.
I salute the chap that pointed out how vastly the Joomla community is growing with its extensions and micro-economic community; it's a good point really. But if you take a look at who's running these communities (Joomla Art, a popular Joomla template company, Joomlancers, and others), they are all owned by a Vietnam company that has less than stellar ethics when dealing with clients. Just search the Joomla forums. I have to wonder why the top contributors and hackers are all from the same city, Hanoi =) Birds of a feather I suppose, or is that just job "security"?
I got out as fast as I got into looking after websites running Joomla. Last year we had 13 clients running Joomla, and what a headache I developed looking after these sites. The previous freelancers knew how to use a CMS and after that they knew nothing. Even their half-assed attempts at building in additional functionality were more of a joke than anything. I had clients breathing down my neck over issues that were really out of my control. One day I woke up and realized that the real issue was Joomla, and that's when I drew the line with it.
Nowadays I only work for clients that will develop from the ground up. I no longer have to deal with the types of security issues that these open CMS systems bring to the table. They are great to impress a client in a hurry with something that looks and works right away, but as the days turn into months you will have the gut feeling like "what did I do..." ...don't do it. Build yourself a core set of functions and your own library in PHP and then build individual sites on top of that. CodeIgniter, among others, still gets a thumbs up from me. Don't use the same MySQL fields all the time. Change your database connection strings up. Change critical global variables every now and then. That's my 2 cents.