Running an open source software on the web makes it a favorite target of the script kiddies. Simple Machines leads the rest on security though and we are quick to get a patch out as soon as we are aware of a vulnerability. This one has been in the works for about 2 weeks.