If the hack means uploading php code to your site, then the hacker has all read abilities of XOOPS, what would stop him from reading your passwords?
Ghia expressed it as if it want really true.
So, If the XOOPS_TRUST_PATH doesnt give that alleged protection against hackers....what is it for?