Yeh, it's just good security to make sure you're always running semi-current code for any scripts installed in your webspace.
Even then, system services on the server need to be monitored for security as well...
Then you have passwords, user emails containing passwords, etc etc etc...