12
As far as I know, XOOPS is very secure providing that the webmaster has put the appropriate measures in place, such as ensuring verification by an e-mail link, and also thinking of the more common names that a hacker may try to register with and then entering those in the list of barred usernames (such as letmein, test, tesing, admin, webmaster etc). Its certainly not open to SQL Injections and the like (but agagin, this is providing that the webmaster uses the latest version of everything, like MySQL!).
I raised the question here myself
https://xoops.org/modules/newbb/viewtopic.php?topic_id=22309&forum=20#forumpost97482 and because MD5 encryption is used, the system is secure as houses really. Just take precautions with the webmastering.
One other point - anyone who collects user data has a duty under the Data Protection Act 1998 (if you are UK based) to ensure they have done everything in their power to keep the data secure. If they fail to do so (for example by not updating their system with the latest patches) they can be liable for prosecution.
Someone should tell Microsoft that as well!!