Joomla has a great track record on security. In the period of the rapid evolution of 1.7 to 3.3 (Aug 2011 till now) security has been treated as a priority, and as new features have been added, security has not suffered, as can be the case.  Good design patterns and a strong platform have be a huge help with this progress.

Whilst WordPress has always struggled with security, and Drupal has also had issues, Joomla has fared well generally.

You can keep up-to-date with the Joomla Security News Feed.