I don't know if this applies to the board software B3D uses, but it might be worth checking into anyway to make sure it does not:
http://arstechnica.com/security/201...ge-number-of-sites-to-code-execution-attacks/
http://arstechnica.com/security/201...ge-number-of-sites-to-code-execution-attacks/