I’ve read a scare story recently concerning a blogger having his site overtaken by hackers. It’s not the first one I’ve come across either. If you’re using a third party web development agency, then I suggest you have a word with them and make sure you’re “protected”.
The gent is the story above is a Wordpress user. He also suggests that there is more than one loophole in that system. As we here generally use only Drupal, we’re well looked after on the security front. Developers have their own security team over at drupal.org – not only do they check over the core system, but also the contributed modules. This is a great advantage for users of this system.
In the new version of Drupal (version 6, soon to be released) we’ll have a few improvements to security in general, including the great Update Status module, which automatically warns administrators of problems. Of course, if you had a maintenance contract with your web developers, they’d be looking out for all this stuff for you.