We highly recommend that all Piwik administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach.
The checks performed include, for instance, use of the latest PHP version, use of the latest Piwik version, PHP ini settings such as magic_quotes_gpc, and more.
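An added example, not code from the SecurityInfo plugin or PhpSecInfo, showing how checks of this kind can be written in PHP: it normalizes the value ini_get() returns for magic_quotes_gpc (a string such as "1", "On" or "", or false when the directive does not exist) and compares the PHP version against a baseline. The function names and the baseline version are assumptions made for illustration.

```php
<?php
// Added illustration; not SecurityInfo or PhpSecInfo source code.

/** Interpret a boolean php.ini directive as returned by ini_get(). */
function ini_flag_enabled($raw): bool
{
    if ($raw === false) {
        // ini_get() returns false when the directive does not exist,
        // e.g. magic_quotes_gpc on PHP 5.4 and later, where it was removed.
        return false;
    }
    // "On" in php.ini is normally reported as "1", but a value set elsewhere
    // can come back as the literal string, so accept the usual spellings.
    $value = strtolower(trim((string) $raw));
    return in_array($value, ['1', 'on', 'yes', 'true'], true);
}

/**
 * Run a version check and an ini check.
 * $minimumPhp is a caller-supplied baseline (hypothetical parameter).
 */
function run_checks(string $phpVersion, $magicQuotesRaw, string $minimumPhp): array
{
    $findings = [];

    if (version_compare($phpVersion, $minimumPhp, '<')) {
        $findings[] = "PHP $phpVersion is older than the baseline $minimumPhp";
    }

    if (ini_flag_enabled($magicQuotesRaw)) {
        $findings[] = 'magic_quotes_gpc is enabled';
    }

    return $findings;
}

// Baseline chosen for this example only (constructed value).
$baseline = '8.1.0';

// Check the interpreter this script is running under.
$live = run_checks(PHP_VERSION, ini_get('magic_quotes_gpc'), $baseline);
echo $live ? implode(PHP_EOL, $live) : 'no findings', PHP_EOL;

// Constructed sample: an old interpreter with the directive switched on.
print_r(run_checks('5.2.17', 'On', $baseline));
```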
Does the plugin replace secure development practices or audit the code/application?
No, it doesn't. It just gives you some information based on PhpSecInfo from the PHP Security Consortium.
1.0 Initial release
Please direct any feedback to firstname.lastname@example.org