The members of the Drupal community take security seriously. As users of Drupal, they have a vested interest in making sure Drupal and its contribute modules do not harm Drupal users or Drupal's reputation. Check out http://drupal.org/security-team for how the Drupal community manages security in Drupal. See a list of Security issues and their status at http://drupal.org/security.