I told JJ about a risk to do with this forum several weeks ago which he fixed.
'Currently' there are 2 high-risk vulnerabilities that exist on the 3.5.3 system that is in place here (really should upgrade to 3.5.4). One is a DoS exploit and the other is a way to steal your hash just by you clicking on a link that might appear to go to an image but you're secretly redirected to a hash stealer (works via cookies) and then passed onto the image - oblivious to what just went on.
That's why if you have Firefox, you should download the NoScript extension
As for idimmu, he recently hacked the arcade scores at another place - literally took over with scores of 999999999999999. heh. Either he is a genius or he's just using these exploits which I know appear in popular security forums (no I won't link them).