We are writing the Ushahidi Security Policy with our legal team. Community Input is welcome. Here is the current suggestion as written on http://ushahidi.com/security/:

Ushahidi is an open source software project. We aim to make the platform as secure as possible. It is your responsibility to train your users, test security and build privacy requirements for your project. We are here to support you with community efforts. While we try to create great software, the old adage applied: Sometimes there will be bugs; we will fix them and advise you.