In the last ten months, Magento has released four security related patches. Previous to that, only one had been released in Magneto's entire lifetime. This demonstrates two things. #1 Magento has a strong commitment the the security of their product. #2 there is an equivalently strong need for security to confront the dangers of running a store on the internet.
Unofficially, Magento seems to be drying up security support for older versions. With their latest patch, SUPEE-6285, Magento originally intended to support only versions 1.6+ until a botched mass mailing obligated them to include versions back to 1.4.* With Magento 2.0 on the horizon, there is less and less incentive for them to support older versions.
Theft from Magento installations usually targets customer contact data. But, in rare cases financial data could also be at risk. Theft attempts are rampant and the patches have been successful in adding needed security. Make sure your installation is up to date with the latest security patches.
Click here for info on the Shoplift vulnerability, probably the highest profile vulnerability. It was published in a security trade journal.
You can test your site's vulnerability here.
Want to read more? Visit these links:
https://blog.sucuri.net/2015/04/critical-magento-shoplift-vulnerability-supee-5344-patch-immediately.html
http://gotgroove.com/ecommerce-blog/analysis-strategy/magento-patch-supee-6285-what-you-need-to-know/
https://www.yireo.com/blog/1757-security-patches-for-magento