None of the CMS' to this day released on here care about either security or speed. I've never seen a CMS released on here that uses proper techniques to get the most out of PHP (performance wise). Many people still write their CMS' without any proper caching of static values. Or values which should not change a lot. People do not seem to realise that querying 8 times on every page load is Ducking slow. Especially on things which can be cached locally. For example UberCMS, RevCMS and IlluminaCMS a database connection is opened on every page load and a query is made for something. During this time, PHP must open a connection to the MySQL server, MySQL must process the query and respond with the data. Which in computing is not very fast. This is done for every page load, as where if you stored the data in MySQL, then cached it in RAM then that will take a huge load off the I/O, making your script faster because with MySQL that also has an overhead; seeking the data from the HDD, which unless you have a HDD is inherently slow unless you have an SSD but even if you do access to RAM is faster. Scripts are also wrote poorly. And many developers have the idea that if they write everything in OOP everything suddenly becomes faster.
As for security there isn't much nice to say either. None of the popular and most used CMS' use prepared queries and have a piss poor attempt at PDO. People rely on deprecated functions and drivers such as mysql_real_escape_string. Which can be bypassed in certain situations. The CMS' released are certainly not on par with their server counterparts. The servers are coded much better than the CMS' in this section which is very ironic considering PHP is one of the easiest, if not the easiest programming language there is.
It comes down to the fact that no one really cares about security or speed in this community. Retros will never be legal and will never be a "stable" thing people can rely on. They're dependant on Habbo which is becoming a failing business in itself, and without habbo there would be no retros. So I guess hotel owners think "why bother, this is not my future" or something along those lines.
If you want my honesty don't sit around and hold your breath. The CMS' released here will always for the most part suck. If you want a nice CMS that is fast and secure learn: Computer security, good programming practices and PHP. It's fun, educational and free. You can make your CMS to your liking and make your hotel stand out more.
Apologies for rambling, I just thought I would share my thoughts on your subject.