I've recently been saying that one big advantage Drupal and WordPress have over Joomla is the centralized hosting of "third party" contributions (plugins/extensions/modules). Yes, Joomla has the extensions directory, but come actually downloading the software, you get directed to the individual developer's island website to do the download (where you might actually need to first register, are likely to needing to do some digging to find the actual download, etc.). This makes evaluating Joomla contributions a tedious task, but it also emphasises a feeling that the Joomla universe is fragmented. Henrik Sjökvist has actually done some digging and comes to a more shocking conclusion: the way this is organized with Joomla actually causes less secure contributions.
It is interesting to note that this hypothesis is emphasized by the number that goes with WordPress (70, against only 9 for Drupal and 637(!) for Joomla - disclaimer: I haven't actually verified the source, this seems like an awfully big contrast). WordPress does have the central hosting, but does not have the version control and issue queue infrastructure that Drupal does. I think central hosting and the universal accessibility it creates makes it less likely functionality is duplicated and the contributions that do exist benefit as a result. Even better is Drupal's approach, where not only the software, but also the version control and issue queues are centralized, making sure even more eyeballs are on the code.