The huge downside of WordPress is that you have to administer it. First you have to work out some way of dealing with the comment spam that will start arriving the moment the site goes live. And then you need to keep updating WordPress core and all the plugins and themes you have used. There haven’t been any major security holes in the core for some years, but plugins are a different story. If you ever stop updating, the site will be taken over and turned into a spam bot or a link farm. (Several people have pointed out that WordPress core now has an auto-update feature. This is definitely good news, and helps a lot, but introduces the new problem that a core update can break plugins while you’re not looking.)
This also applies to any similar online Content Management System, such as Drupal, Joomla!, or any of the myriad wikis. But with a static site, it’s simply a non-issue. You can entirely neglect it, and it will just keep working exactly the same so long as you keep paying for the hosting service and domain name.