We can vouch for the security of the code that we write in the ProcessWire core, but we can't vouch for the security of third party modules. Follow these guidelines to maximize your security with third party modules.
ProcessWire doesn't require any third party modules in order to run and accomplish most tasks, so use care in deciding which third party modules to install.
Install only those modules that solve an important need for your site. The fewer 3rd party modules you have installed, the less to keep track of and fewer developers you are dependent upon.
Verify that the module is still actively supported by developer in the ProcessWire support boards.
Keep third party modules up-to-date (the ProcessWireUpgrade module is a good way to track versions).
Uninstall and erase any 3rd party modules that you have installed but are not using.