If the year ahead is even half as interesting, it will be a powerful thing to experience.
Does WordPress really embrace a spirit of democratization?
There are many layers to any notion of security. How well do you understand each?
Fundamentally, though, your application should always be broken up into separate components – each should be capable of functioning somewhat on its own.
Always sanitize and/or validate the inputs of every function before assuming the data is valid.
Would it be a day well spent?