I'd like to make a public service announcement. Before I do, though, I'd like to say, all pool owners involved have promised to fix their issues, and I am not being paid, nor am I affiliated with the pool I'm going to recommend.
PSA: Both moneropool.com and moneropool.org are insecure. I'm not going to release details until I've given them a reasonable period of time to correct the issues, however, I will say that moneropool.org seems to be a LOT worse than moneropool.com, and none of the three pools I know of use a seperate server for the actual mining (which is very important when that server holds other people's money.) The admin of moneropool.org acknowledged the extreme issue with his pool, and promised to fix it (as of right now, it's unfixed), but he seemed to blow off the idea of either putting httpd in a VM, or on another server entirely. The admin of moneropool.com acknowledged the slightly severe issue, as well as agreeing the httpd should be moved or served out of a VM.
I'm going to recommend (and switch to immediately) extremepool.org. While their httpd is still on the same server as the mining daemon, they have no severe security issues - in fact, their security is excellent, as they seem to have taken several steps to secure their server, far beyond the default configs - and I spoke to the admin, who appears quite knowledgable and experienced in securing a server.
EDIT: Two pool admins have promised me MRO donations, moneropool.com and extremepool.org. However, I wrote this before I knew the admin of extremepool.org was giving me anything, so I believe the statement in my second sentence remains true.
I'm now mining at extremepool.org too. I noticed also that I've not been paid for my shares at moneropool.org despite one or two blocks being found hours ago.
