Making it painless to update wordpress code is a plus point for a more secure site, IMO. This post aimed to show how this is possible, particularly for the situation I mentioned where I don't have FTP installed (I consider it insecure, but I'm no expert) and I want to allow users without server access to update wordpress from the admin console. Web servers owning directories is normal, write permissions are not ideal but in this instance I think a fair tradeoff and one I'm comfortable with - although I would like to check out the SSH related options that a couple of other commenters mentioned, thanks people!

Please keep all comments directed at the technological matter at hand and not any person; comments to this site are now moderated and personal comments aren't welcome here - thanks.