First of all, no program/platform is totally secure. Security experts
usually say that security is a process, not a solution. That being
said, how developers deal with security issues is what should matter in
deciding a choice of platforms.
In closed source projects (WebCT and others), security issues may or
may not be dealt with depending on the bottom line (financial
concerns), reputation, and other reasons that might not have to do with
the security of the program. As outside programmers are not able to
check or confirm the programs for problems, security holes may not be
known for some time to the general public or client.
Generally, in open source projects (Moodle, etc.), security issues are
discovered more quickly and fixes are released when they are made and
tested usually in a very short time.
Reading the changelog for Moodle will give you an idea of when and what was done regarding security:http://moodle.org/doc/?file=release.html
I am not sure that this answers your question, but I hope that it helps.