Using a pre-built CMS or making your own?

DonkeyStyle \o/

Just something I've been mulling over lately...
Is it common to make your own/custom CMS per site? or do you just customise a CMS to fit each time?

I've messed around with a few popular CMS, but I find trying to strip all the unwanted crap off them is a lot of work.
Most of the time all I need is a single-user(admin) login edit/add/remove-content system... most of the CMS I've seen seem extremely bloated for my needs.
I've made my own login/update system before with php & mysql... and though it wasn't battle tested like the popular ones... its source also wasn't available to the public, and as a result I guess wouldn't be subject to the kind of auto-tried exploits you find in your server logs.
Security by obscurity in a way I suppose.

My thinking is that once you secure the hell out of the login page (and access to admin pages etc) and you're not giving limited accounts to joe-public, then there isn't as much need to input-filter the crap out of everything inside... visitors basically have no input aside from the login page which they won't have an account for, so there's no opportunity for privilege escalation or code injection in the first place (will generally regex the arse out of the login page).

Then again, if the 3rd party CMS allows the site to be defaced, I've got someone to blame, but if it's my own custom CMS, I've got egg on my face.

So what do you think? Am I completely backwards on this? Am I being unrealistic about the secure-because-it's-simple rather than complex-but-proven.
tbh I'm torn on this, honestly due more to my inexperience than anything else.

I suppose it all depends on how sure you are that you can make something that isn't filled with security holes you didn't know existed.
Is it such a minefield?

Bob the Builder

Well I use CMSMadeSimple(.org) and I knowing little Php, am able to remove all that extra bist of crap....and then it works almighty good...