We've seen instances of members posting information in the forum that should not be posted. A few tips (feel free to add tips). The tips below are examples of things I've seen in the forum and corrected when I've found them.

1. This forum is indexed by google with the exception of a few areas. There are things you would most likely not want the search engines to pick up. If you have something to post and you don't want it indexed by the search engines, post in the "black hole" thread:

2. NEVER post any information from keys you get for any reason (ex. facebook app, flowplayer commercial license, etc).

3. Don't make a temp admin account for me or anyone and post the information in the forum. Anyone reading that will have admin access to your site.

4. Never, ever post malicious code examples in the forum. You are giving hackers what they want by posting bad code you've found if you were hacked or if you tried some add on from a null site. This should be sent to support via a support ticket or use the contact us to report it.

5. Don't post your phone number and address. Unless you want a bunch of strangers calling you or maybe stopping by. This is not a private forum (ie, staff is not the only one looking). If you need to post your info for someone, do it in pm.

6. Don't post any ftp info in the forum.

7. If you post errors from debug, look it over to remove the full path to your site's files. Remove any usernames from the post as well since there are privacy concerns for your members.

I am sure I've missed a bunch of tips and will add them as I can remember. Hope this helps.
This thread is closed
I've got this stickied so hopefully people will read it. Smile
After the recent happenings, I hope people will finally wake up and treat theirs and their members security with the appropriate priority...
I guess I have to bump this thread again.
I wish fox would say exactly where the 3.5 security hole was, so that I could check my own site.
OMG I have to bump this again. Please think before you post!!! If you ever find something you think is a risk or exploit or security issue, put it in a ticket to our sales department so our core developers can look at it or put it in a private bug report.