From:
http://www.squirrelmail.org/wiki/Squ...AndCourierIMAP
At approximately 1700 GMT, on June 16, it was discovered that the SquirrelMail webserver had been compromised. The project administrators took immediate action to mitigate any futher compromises, locking all accounts out, and resetting critical passwords.
At this time, the SquirrelMail project administrators have shut down access to the original server, and put a temporary hold on access to the plugins. It is believed that none of the plugins have been compromised, but further investigations are still being executed.
The compromise of this server does not include a compromise of the source control, which is hosted on a separate repository managed by SourceForge.
wao'