Just curious, where are these 'loads of security holes'? Are you referring to undocumented security issues that any product has? Or are you referring to actual security advisories?
I have noticed I think exactly one guest escape security issue on the vSphere hypervisor in as long as I can remember (going back to at least 3.5?), and that seemed to affect 6.something (i.e. no impact on my 5.5 stuff).
I have seen some other minor security things here and there, but overall it seems the security of ESXi hypervisor (and vCenter) is significantly better than the competition (that primarily being things like KVM, Xen, Hyper-V), though that is just based purely on casual observation over the years.
Can't speak to the other management stuff that VMware pitches (VSAN, NSX, and management tools), as all I need and use is Enterprise+ and vCenter (on Windows, with Oracle DB back end on Linux).
I suppose I am both the best and worst kind of VMware customer, best in that I have been a customer since 1999 running VMware on Linux 0.x, later VMware GSX, then ESX starting with 3.x. At the same time the last major release of vSphere that got me really excited was 4.0 (feature wise). Moved from 4.1->5.5 after 4.1 was EOL, and likely will move to 6.x after 5.5 is EOL next year. Their products have literally been easily top 5 of the most reliable big software packages I have ever used, which is the biggest reason I have kept using them, even though I really was expecting (back in about 2009) I would want to migrate to KVM by around 2013. Obviously never happened.
Cost-wise it is not cheap, but it is not expensive either; the Enterprise+ hypervisor is far cheaper today than it was when I started using it in about 2006 (and that was standard edition back then, no vMotion etc). The way I calculate that is basically cost per core. With ever increasing core counts and CPU performance the cost per unit resource continues to decline. When I started with ESX I remember our fastest system was I believe a DL380G5 with dual proc quad core, the hypervisor license for standard edition was I believe $3500 for two sockets at the time (VMware didn't "support" single socket configurations back then). So roughly $450/core. I don't think we even bought support back then, so that is hypervisor cost only.
Very recently I paid about $7800 for a 2 proc license for Enterprise+ with 3 years production support (through HP; we don't buy a lot so no fancy discounts). Our new systems (DL380Gen9) are 44 cores, so that $7800 cost comes to about $178/core, less than half of what it cost a decade ago.
That's being generous too because the cost a decade ago was very basic ESX, no vMotion, no HA. And no support if I remember right.