I wonder if this library could be useful for XOOPS? I think I am going to test this as well (apart from Protector).

[snip from description]:
Mainly meant for private and semi-professional developers who need some help in securing small php applications against some of the top-10 attacks on web software.

Security increase to avoid:

* XSS (Cross Site Scripting)
* SQL-Injection
* CSRF (Cross Site Request Forgery)
* Session-Fixation
* Mail-Header-Injection
* File-Injection
* HTTP-Header-Manipulation
* Response-Splitting
* Informative error messages

To visit the page click HERE

That library contains a collection of some useful functions for making XOOPS even more secure.
Not much documentation about the usage of the functions or some code examples.
Some functions are things Protector does already, but the CSRF functions are a needed asset.
Don't know if this should be build in the XoopsForm (maybe preferable but not possible) or that it should be offered in the way of Captcha as a Formelement.