Let's not forget this is the government. You can't simply just build stuff. There are many levels of red tape. Software has to be approved, etc. It's far easier to stay with the status quo and use what's already been approved then try to convince management there are simpler, more secure ways of building sites.
On the other hand, whitehouse.gov being the target of a zero-day WP exploit isn’t going to be a huge deal since it’s just a website for putting public available, or soon-to-be publicly available stuff. The only big attack vector i can see is it being used as a sure-fire way to target senior administration officials with other exploits like a chrome or Firefox zero-day.
I think it would definitely be better to do a SSG or even wordpress with static output since you can throw it all behind authentication, which greatly reduces the attack surface.
