True, but if their software was up to date it would not happen, and if it was up to date and they got hacked... then I'm worried.
This shows impressively how little people understand about all this security stuff...
I don't blame you or anyone else for believing in the "if you update your software, you're safe" paradigm - after all, this is what most software producers are trying to *make* you believe.
Unfortunately, it's wrong and believing in it can be dangerous, especially when you start to act carelessly, because you always update and therefore think you're safe.
There is no software that is free of bugs and even if a PHP application was free of bugs and possible exploits, you still depend on the underlying software (i.e. PHP itself, your web server, even your operating system) and no matter how hard you try to keep all that stuff up to date, you're not safe. Period.
Software developers can only fix known bugs and exploits, but as a matter of fact, many hacks and exploits make use of recently discovered and unknown bugs, and this is something you cannot avoid, not today, not tomorrow, not in 100 years from now. As software evolves, it gains complexity, and the more complex a piece of software is, the higher the chance for hidden bugs and possible exploits to exist.
Bugs have been found in software that was tested for many years before it was deployed into production (i.e. flight management software for modern airliners - something you cannot even remotely compare to a PHP script running a blog or forum), which was designed and tested under completely different standards, and yet bugs were found years later.
Hacks, exploits, data theft - that's something we'll need to accept as negative side effects of all our modern technologies and like Deebs correctly stated in his post, the only way to protect our data is to use strong encryption. After all, stolen data is basically worthless when you cannot decrypt it.