There was recently bug in our bug tracker that we compete with Microsoft to achieve highest number of security bugs. We definitely do not compete! However there always be security issues in such big application.
Majority of them are XSS issues, which are hard to detect automatically, so you either have to test various inputs or deeply analyze the code. Most attackers choose testing method and it sometimes bring them fruit. We try to fix any found issue as soon as possible, but it is not in our possibilities to fix it for all past releases that might have been included in some distribution.
Anyway I'd like to improve phpMyAdmin in this area and I think nobody would object if somebody would help us with code audit. I'm not enough experienced to see all possible flaws in code.
