[websitescenes]

There is no such thing as an insurmountable security configuration. No matter what you use or how you use it, there will always be new methods to compromise your data. Hackers are creative and enjoy a challenge and will continually attack systems until the end. Whether it be Rails or another framework, you will have to upgrade and address security issues forever. Developers need be realistic and understand that any system can be compromised if one tries hard enough. I don't necessarily think that you should go from rails 2 to 3 or 3 to 4 just to address security features. Better off staying in the branch you started the project in and applying the applicable patches for said security concerns. With that said, RAILS RULES!!