There hasnt been any security issue reported yet. It's still beta. But, I can assure you, security should be your last worries with xF. <-- to hacking.. as for DDoS... not sure since that would be up to your firewall and hosting company more so than xF.
In terms of 'hacking' on the software side of things, it should be pretty difficult to get anything from the software alone. XenForo has a highly resilient template system to prevent XSS vulnerabilities being left open, and I'm pretty sure that it'll be secured in many other ways.
Prevention of hacking completely also means you have to prevent things like shells being uploaded, passwords being harvested, generally lax passwords of your admins (qwerty, letmein, etc). Plenty of variables affecting the security of your site, but XF shouldn't be one to make you feel any different.
As for DDOS, if a DDOS reaches software level there's not much you can do against it. This should be blocked at the server level by a firewall of some kind. I use ConfigServer Security & Firewall and DDoS Deflate if you're interested.