> Has anyone found any unpatched security holes in Wakaba yet?
I've found two, but both require non-default configuration that absolutely nobody uses.