User blog comment:Kirkburn/Technical Update: September 14, 2015/@comment-4018164-20150914200248/@comment-11733175-20150915085741

A whitelist is inclusive: it contains items (in this case pages) that you know are safe and can therefore enable with no, or with very low, concerns. A blacklist, on the other hand, is exclusive: it contains items you know aren't safe. However, this allows for someone to potentially find an item that should be on the blacklist, but isn't, and abuse it. That's why a whitelist is inherently more secure and much safer when dealing with critical areas such as security. You should never rely on a blacklist for really important things.

The other issue, rather unique to MediaWiki, is that pages in the MediaWiki namespace can not only be customised but extended as well - you can add pages that were never added by the original software. Obviously, the ones added by software have known usage, but the custom pages are completely unknown and their usage can even vary across wikis. This becomes more problematic if you're managing a number of wikis with the same software, as it creates inconsistencies which have to be resolved on a case-by-case basis.

As an addendum, the message software used by MediaWiki was changed not long before Wikia upgraded to the version of MediaWiki they're currently using. However, not all uses of those messages were updated, leading to other security issues. Where before most, if not all, messages were parsed or output as normal text, which allowed people to use verbatim tags with impunity or insert any HTML, now they can be more safely handled. Wikia's extensions are normally fine, and they've made great strides in improving the security of those messages where they weren't, but a lot of the messages in MediaWiki core (the standard software) aren't so secure. Since Wikia upgraded, most, if not all, of these insecure messages have been fixed in MediaWiki core. Wikia could therefore upgrade to alleviate some of these issues, but due to how Wikia has customised MediaWiki it has become almost impossible to do so.
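
Added example, not part of the original comment and not Wikia's or MediaWiki's code: a sketch of the whitelist and blacklist checks described above, applied to edit requests for MediaWiki-namespace pages, showing that wiki-specific custom pages pass the blacklist but not the whitelist. Both lists, the `Custom-*` page names and all function names are assumptions constructed for illustration; the title normalisation assumes standard MediaWiki rules (underscores equal spaces, case-insensitive namespace, capitalised first letter).

```python
NAMESPACE = "MediaWiki"

# Whitelist: pages whose usage is known and reviewed (constructed list).
ALLOWED = {"Sidebar", "Sitenotice", "Common.css"}
# Blacklist: pages known to be unsafe (constructed list); all else is permitted.
DENIED = {"Common.js", "Monobook.js"}


def normalize(title):
    """Return the canonical page name inside the MediaWiki namespace, or None."""
    ns, sep, name = title.partition(":")
    if not sep or ns.strip().replace("_", " ").lower() != NAMESPACE.lower():
        return None
    name = " ".join(name.replace("_", " ").split())
    return name[:1].upper() + name[1:] if name else None


def allowlist_permits(title):
    """Fail closed: only explicitly reviewed pages are editable."""
    name = normalize(title)
    return name is not None and name in ALLOWED


def denylist_permits(title):
    """Fail open: any page nobody thought to list is editable."""
    name = normalize(title)
    return name is not None and name not in DENIED


def audit(titles):
    """Pages the blacklist would open that the whitelist keeps closed."""
    return [t for t in titles if denylist_permits(t) and not allowlist_permits(t)]


# Constructed sample: stock pages plus two custom pages of unknown usage.
SAMPLE = [
    "MediaWiki:Sidebar",
    "mediawiki:common.css",
    "MediaWiki:Common.js",
    "MediaWiki:Custom-widget-html",
    "MediaWiki:Custom_import_list",
]

if __name__ == "__main__":
    for title in audit(SAMPLE):
        print("blacklist gap:", title)
```

Running `audit` over a wiki's actual list of MediaWiki-namespace pages gives the set that would need case-by-case review before any blacklist could be trusted.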