Management systems like joomla and wordpress give you access to physically changing code on the pages... which allows you to add things like php and database queries. Our cms system only allows you to edit database content. Even ftp can be hacked... that doesn't mean that hacking is impossible, but it means a lot less damage can be done. You should still implement https:// for your login pages and make sure to use obscure logins.
The Edit symbol only shows when you are logged in as an administrator.