http://www.esecurityplanet.com/open-source-security/study-warns-of-security-flaws-in-open-source-components.html
This is EXACTLY why the prevailing mindset about central repositories needs to change! Keeping it at PHP 5.1 doesn't provide more "stable" and "reliable" code. It just keeps it vulnerable to things that were fixed years ago. --Kris
