I wonder if there is an explanation of why it is like this(?)
Myself, like most people do not have time to recover several times a week.
Most people don't have a need to.
I think you may find frequent discussions of a similar nature in any Blog/CMS support forums. SQL, PHP, and server/web-site administration and security issues are not exclusive to WordPress. Nor is the introduction of malware onto the client machines that interact with those web servers, or the introduction of threats through third party plugins or modules. It seems lately that the frequency of conversation about ftp password harvesting on infected machines has been on the rise. Frankly, I get the overall feeling that most of the issues you read about here in the "hacked" discussions, were probably reasonably easily avoidable.
I don't think you can categorize it as one of those "what is it with WordPress" things. A large target audience just presents a larger target for people who feel they need to do that sort of thing.