I guess nowadays you should always worry for security flaws in software. Granted, it would take longer for Openfire/Spark to be fixed if something critical come up. Development is driven by a few volunteers, so it is not very active. Especially Spark (no updates in 4 months). By updates i mean code changes commited to the project. Not the official releases, which doesn't represent the actual activity on this site for quite a long time. Openfire is a bit better on this. But with Spark i have switched using the nightly builds for a long time.
↧