Multi-server Deployment strategies - Git on production servers?
Solution 1:
Answering your question: Yes, deployment using git (or any other revision control really) is the way to go, specially when your infrastructure starts to become complex/big.
Answering to your concers
Security must be done in layers, and even if git was a really concerning attack vector someone would still have to gain access to the servers to do that. Have good server security, SSH key based authentication and access control/logging and you will have very low risk on that.
If you want to write a deploy tool of course you have to consider a rollback procedure in case the code update fails. The good thing is that tools like capistrano (that I am more familiar with) already have all those steps built in, and you can change the behavior and etc.
I think the best is using deployment tool like capistrano or Vlad the Deployer or even Chef deploys if you already have Chef (or other config management tool).
Capistrano for example is kinda directed at rails by default but you can tailor it to deploy anything. It will connect to your servers, update the code (keeping some older versions around in case you need to rollback to a previous version), execute tasks like DB migrations or cleanups, then restart services if needed. You can tailor that for your environment and even have different environments (I worked with production, stating + 3 others).
All other tools will let you do something like that, and I think that spending time to write a deploy script is only valid if your system is really different from the 'usual' ones.