I'm going to answer this in a different way.
iWeb is very insecure when it comes to ONE very important and common component of basic web development:
FORMS
Because even though there is no server side scripting nor is there encryption of any kind on Apple hosted iWeb sites, no form created with the tool is secure. Yes, it's true most iWeb sites are static. Yes, it's true iWeb has not form wizard, so it takes extra effort involving the web widget and pasting HTML into the snippet box. Yes, it's true if you upload it to a third party host then it depends on the resources there.
But for people who don't know all that and simply use the basic iWeb and add in basic forms they got off the Internet to send submitted data to third parties without server side processing (which is possible,
here's an example using Google docs) -- this could be very insecure depending on the data being sent. Too easy for abuse to occur, is my point.
I don't blame this on Apple or suggest using any form is bad. I'm just saying its far too easy for abuse and I'll bet alot of you are surprised you can do a form submit with the basic product on Apple's own servers.
This is just an example of why security is really all about context of use as well as the developer's preparedness and knowledge of security protocols, not just the technology or platform.
-jim