A simple question with a complex answer! It is complex because security issues arise from a variety of sources: your code, your server, the other things running on your server, the users, etc. While Mambo itself is relatively secure, you may still experience problems if the server is compromised or if a user gives up a password. The basic steps you should take however include:

• Do not unnecessarily leave directories open with CHMOD set at 777 (configuration.php in particular should be set to chmod 644)
• Delete your old installation directory (don't just rename it!).
• Implement HTTP access controls for your admin login.
• Make all your admin passwords at least 8 characters and containing symbols and numbers as well as letters.

There's more that you can do, but it is outside the scope of this FAQ.