As Drupal comes ever more popular, it will inevitable become more visible and targeted by hackers. We have seen it happen with other popular open source projects like Wordpress and Joomla. There'll always be a threat to security whether it be open source or proprietary CMS (closed source). Therefore, precautions should be taken to prevent and secure your site as much as possible.
After some digging around on the internet i was surprise this isn't included on the drupal.org site. It is an excellent guide to securing your Drupal site and also deals with securing your web server.
- Drupal and Apache Web Site Security Checklist, part 1
- Drupal and Apache Web Site Security Checklist, part 2
- Drupal and Apache Web Site Security Checklist, part 3
NOTE: If you think the core Drupal system or one of the contrib modules has a security flaw, don't post it on the issue queue, keep it confidential and contact: firstname.lastname@example.org
See this guide for more details: http://drupal.org/security-team