We're considering using Moodle at our university and are very impressed by what we've seen so far. However, having learned my lesson several times with Open Source tools for education (forums in CGI, Perl scripts, PHP scripts, all of which come with their share of security holes), I'm always a bit conservative about reusing such tools. Our system administrators are even more conservative, because they get stuck with dealing with the damage done to the system when it gets hacked.
A Google search on Moodle and security comes up with a lot of discussion of issues, some very recent (Aug. 2004). But nothing seems to be centralized here on the source (moodle.org). Other open source projects (MySQL, Apache, etc.) have ways to inform users about what security risks exist in certain versions, which patches have recently been released, etc.
Where is that information on Moodle.org? If we install Moodle, will we be informed of security-related issues so that we can keep up with the patches?