Please divide the location of user specific and common files!
The reason for this request is that it could be very hard for a normal, rather computer-illiterate user to upgrade WordPress. If the common files were installed by the web host and only the user specific files by the user, then the web hotel could do the upgrading (and this would hopefully be a very simple job). Of course, the user specific files must then be backward compatible (or version independent).
If this is not done, I guess WordPress can get a bad reputation because of security holes.
PS: Maybe reading my rant about this can make the situation a bit more clear: