@oddz wrote:
Customizations in the files could very well be broken by updates such as API changes. Relying on core as a baseline is practical but not reliant enough to allow automatic updates without accepting some level of risk for the end user when customization is allowed. General rule of thumb is that if someone other than the owners can touch the code the system can't be automatically updated without medium to high levels of risk in breaking deployments.
Also beginners are the individuals most likely to program in a means that introduces the HIGHEST level of incompatibility with future updates. Well them and those with strict deadlines or contractors who just need to a get a job done. Hopefully not in most cases but sometimes core needs to be hacked or that is simply the "easiest" way to do something with a tough deadline. So are you willing to potentially break those users sites. Users who may have had work contracted, unknowingly push "update" on production and boom goes their entire site. For any open source platform automatic updates is a dangerous path that all to often provides an illusion of false reliability like Wordpress – Sometimes it works and sometimes it don't – The "cross your fingers and pray to god update method".