Security overview report is in my opinion the best new feature ever added to moodle. Most previous installs have warned administators about some wrong settings but warning is obviously not the best way to prevent sites being hacked. Liberate security politics has allowed people to choose if they want to take a risk and install moodledata web accessible (inside web root) and we can find far too many of those old sites that could be hacked any day.

It's the same for settings of php and permissions. Moodle can't control other installed programs and all settings of php but the good point in new Security overview report is that for the first time in history we get a clear report of possible security risks and info about correcting those settings.

http://docs.moodle.org/en/Security_overview