Security is very important to concrete5. The transparent nature of open source code is a double-edged sword: many developers can contribute security fixes quickly, but those who would exploit security errors can easily see how those fixes are applied. Consequently, the concrete5 core team takes security issues very seriously, and works quickly to fix any reported issues.
But that doesn't mean security stops there. Securing the core of concrete5 is only part of the solution. As a developer who uses concete5 to build web applications, you'll need to take the same care to ensure that your code is secure. Fortunately, concrete5 contains a number of helper libraries and functions to ensure writing secure code is possible and easy to do.