Because its written and reviewed by many of the foremost experts in the field. The commercial alternatives have consistently been jokes zero peer review, zero security auditing, comical flaws aren't even the beginning... from MTGOX self-doublespending malleability tripped up private key leaking mess, to bitcoin armory letting its keys being corrupted using shared thread unsafe memory for storing hashes, to bitpay's bitcore using 64-bit values for their nonces, to libbitcoin's recent comic fail -- there is a long history of disaster. The fastest way to lose all your customers bitcoin's is "post your private keys online", but the second fastest way is probably to use some "commercial solution".
Bitcoin core is node software. It runs the entire network. By definition it handles the *entire* capacity of the network, even on modest hardware.
Bitcoin Core isn't strictly personal desktop client though. There are many feature which geared towards developer for commercial service such as bitcoind, RPC-JSON, REST API and various tutorial/script provoded on Bitcoin Core on directory "doc" and "contrib".
Not saying it does not. Or that it is not good software. And there are many things it does well.
But if you are running a public service you should have something very robust with a ton of security between the internet and RPC commands to core.
Core is the back end, there are a lot of things you can put in the front end to keep is isolated. Which was the original discussion, about RPC security.
That was more or less what I was trying to say.
Can you run a block explorer just with core? Yes, with some limitations but dumping everything to a database works better.
Can you run a public web wallet for people with core? Yes, but it's going to be a logistical and security nightmare if you don't put a lot of other things between it and the internet. And there are just flat out better ways to do it and just talk to core when needed.
-Dave