Were the pools and miners programmed with strong security in mind? Can pools/miners defend to all crap of invalid input and other attacks? If attackers could successfully run some buffer overflow attack (for example) on a pool, they could 1. do lots of malicious stuff with the pool itself (steal coins, fuck up with transactions, try to fork blockchain if pool is big enough) and 2. start attacking the miners itself and steal their wallet's coins if successful (assuming they're on the some machine - many will). I don't know, can python / java programms (miners) somehow get exploited with stuff like buffer overflows like it's done with c(++) programms?
Of course an attack like this might require more skills than to use a trojan to steal the mtgox db (if that actually happend) and suck the accounts with weak passwords dry, but it's a risk we should mitigate better now than later.
And, well, I see slushs pool using csrf protection (
![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
Please, pool operators and miner coding guys, check your codes for security aspects, treat every user input as evil and run it against a whitelist, maybe even consider implementing a solid security toolkit as owasp esapi https://www.owasp.org/index.php/ESAPI (not intended as a commercial but I use it for my own projects and I'm quite happy with it).
I think it's important to have this things as fkn secure as possible. OK maybe I'm just paranoid, but I didn't get any coins stolen (yet?
![Roll Eyes](https://bitcointalk.org/Smileys/default/rolleyes.gif)
![Grin](https://bitcointalk.org/Smileys/default/grin.gif)
What do you think?