'XOOPS_TRUST_PATH' :
Check php files inside TRUST_PATH are private (it must be 404,403 or 500 error
If you can look an image -NG- or the link returns normal page, your XOOPS_TRUST_PATH is not placed properly. The best place for XOOPS_TRUST_PATH is outside of DocumentRoot. If you cannot do that, you have to put .htaccess (DENY FROM ALL) just under XOOPS_TRUST_PATH as the second best way.

'register_globals' : off ok

'allow_url_fopen' : off ok

'session.use_trans_sid' : off ok

'XOOPS_DB_PREFIX' : XOOPS Not secure
This setting invites 'SQL Injections'.
Don't forget turning 'Force sanitizing *' on in this module's preferences.
Go to prefix manager

'mainfile.php' : missing precheck Not secure
You should edit your mainfile.php like written in README.

XOOPS, PHP, MySQL version?
Is this the result of an update?
xoops_lib and xoops_data has to be placed in a directory that is a sibling of the one (eg htdocs, www, ...) where mainfile.php is placed in.