Quite so. WordPress is (almost) OK to use and pretty amazing in its more developer-friendly decoupled state. The problems start when you add any one of the thousands of plugins, many of which seem to completely bypass such simple PHP things as private or public protection.

And then you take a look at Drupal security and gently start to weep...

