We take security issues VERY seriously. Whenever a true security risk is discovered, a fix is posted immediately, using whatever means is most appropriate.
Please see the related article on how to keep your shop safe from hackers.
We appreciate hearing (privately) from the community about any security exploit risks found in Zen Cart code. We would rather hear about the situation privately so we can respond publicly with a fix for everyone. This helps keep existing shops safe without advertising the risk to would-be hackers etc.
If you have discovered a bona-fide security vulnerability in Zen Cart, please let us know by email at securityteam at zen-cart dot com preferably with as much detail of how to reproduce the exploit as possible, ie: proof of concept, etc. And please accept our thanks for helping us keep Zen Cart safe for everyone.