Because CSS, because HTML tags are rendered server side and that H1 should be a H2 or that tailwind div soup is funky, or the company team member pages needs ACF to keep tracks of member profiles because editing the page by hand takes too much time,etc.. webdev :/

The other option is things like Elementor or Divi which aim to give content team the ability to modify layouts (and even links to dynamic elements in db) but it's a whole another mess (but it wouldn't be your, yeah !).

Someone at WP is aware of it though, hence all the work on gutenberg and front-side editing (FSE) which ultimately should turn WP into a complete headless CMS.

> Why is plug-in code not sandboxed? These are WordPress problems.

Definitely ! Wait until you have a plugin breaking wp-cli so you can't deactivate it... rm wp-content/plugins/foobar-plugin -rf to the rescue.

> At the end of the day, if you tell me that WordPress is an application framework, that themes are code and plugins are dependencies, then okay -- devs own it and there's code reviews and staging environments and deployments and migrations and all the rest.

> But if you tell me it's a CMS so marketing people can have a blog, I just ... thought it would be simpler.

Yeah, if marketing just wanted a blog and no forms to collect resumes, polls etc. I'd have given them a ghost or a very reduced/amputated WP and signed binding agreements that no plugins or themes would ever be installed on it.