I welcome innovation and improvement, but I would willingly sacrifice any bells and whistles in future versions of XOOPS as long as the developers remain diligent to preventing security threats. Like for example this spyware component recently developed for Mambo. To their credit, it was discovered and removed from their download section by the Mambo team. Link is to Mambo Portal's News page so it won't be there forever.

http://www.mamboportal.com/content/view/1868/2/

It's a sad fact that the more popular the system is, the bigger the target it becomes.

After reading that thread, it appears that it wasn't really a "spyware component", but an inadvertant release of a version containing some debug code. The debug code emailed the site's URL and admin email address to the component's author.

But I agree that we have to be remain aware of the possibility of exploits such as this.