It is hard to find Magento cons or vulnerability because for almost things we hear about Magento are good reason. But anything have opposite. Now we are taking on
1. Magento is « fully customizable » by dummies
Magento is as customizable as any other open source solution : you can code away any issues you have. If you can code, that is. Sure, there’s a fair amount of customization you can achieve without ever leaving the Magento back-office (sometimes at the cost of learning XML), but unless you learn how to code or spend money on it, you can easily reach a hard limit. Don’t choose Magento because you think you’ll be able to do anything you want.
The best way to use Magento is still to pay for someone to customize it for you, and stick to the basic functionality.
Anyway, hiring someone one time is cheaper than paying a monthly fee services while we can add anything we want to our store
2. Magento is a complete e-Commerce package
Magento is just a piece of software. This means that, once installed, you will need to do the marketing yourself, which is hard if you’re not used to internet marketing and don’t have an existing high-traffic web site to rely on. You will have to host your web site (and make backups). And will have to do any administrative tasks related to storing user information too, such as registering with government agencies.
Of course, for any solution, you need to do this also.
3. Magento has been used by [large corporation]
The large corporation does not succeed because it used Magento. It succeeds because it can spend money and hire talent to leverage Magento appropriately. There’s work involved in creating a successful e-Commerce site, so make sure you can take whatever steps are necessary to create one with your tool.
4. Magento is free
Oh, please. Magento is cheap, but certainly not free. Even assuming that you have the skills to set up and customize Magento on your own, doing so still takes time. Plus, you need hosting, accounting, logistics, shipping. And selling stuff online involves more work than just plugging products into a web site and waiting for customers to come! Setting up an e-Commerce operation is an investment, no matter how you look at it.
5. Magento is a complete, standalone product
This sounds like a good idea in theory — a completely standalone solution that can be used by everyone and handles everything: buying, storing, marketing, advertising, selling, invoicing, shipping… until you need to make it talk to other software. If you’re not lucky enough to use a big-name piece of software that has Magento connectors available, the application that handles your inventory or your accounting or your web site will not be connected to your e-Commerce web site.
But connectors/extensions are available many where for reasonable price
6. Magento Security
OK, magento security seems to be best but as always Magento is an open source so hacker always wonder if they will be able to hack into Magento so people will keep scanning Magento for exploits and vulnerabilities.
But so far, we tried to apply some classic exploit and Magento is good secured.
Exec, SQL Injection, Password Retrieval. All are secured with argument validation …… so no risk so far
Overall, I must say that Magento is best choice for ecommerce open source at moment if you want to host your site yourself and want to fully customize store your way.
Updated (July 2011)
Some reader report that they get XSS vulnerability in magento search box however it is not correct. If it happen with your sites, please check your custom templates and get an expert to validate it.