Bravo List

Project U-232 (http://www.bvlist.com/showthread.php?t=6342)

EagleLake 22nd July 2015 00:19

https://github.com/Bigjoos/U-232-V4

firefly007 8th August 2015 12:26

Quote:

Originally Posted by BamBam0077 (Post 47181)
V3 is better than v4 by a long shot, but by now they should have fixed all the small bugs that a lot of people have been having issues with, but always keep up with their github page or support forum. They are a great bunch, just don't break their rules.

It depends on what, or more importantly how big, your site will get. V4 will be better for larger sites just because of the option of using XBT, and more than likely there's a few improvements, but I could not tell you offhand because I've not studied it closely enough. But I would assume that V4 would be better for the simple reason of its release.

If there is an option of using a version or enabling XBT when installing, I would seriously consider it for the very reason that 1) The option is there 2) It will save time later. 3)
So it's a no-brainer to 1) Use V4 and 2) Don't be dumb and install it without the XBT option.

Even though I think that Ocelot is better in my opinion, I'm sure that XBT works just fine, taking into account that most of the big sites we love and use are indeed using it!!

Simply because using it without XBT will put it in the category of any other source that also has caching systems, and then without a doubt I would use BT.Manager.

I'm trying to convince Joe Robertson to integrate Ocelot.. I can't wait:ok: If I can convince him lol :)

BamBam0077 9th August 2015 08:01

I am not sure if anyone else has picked it up, but all their variables allow a hacker into the site, so I would strongly suggest changing all single variables to longer variables and making them clear. Also, your functions need to be more secure and clear.

$htmlout .= ""; not valid!

$INSTALLER09_HTMLOUT = ""; valid!

dbcon() not safe or wise!
core_connection () would be wiser and more secure!
Make it go through a few security loops before connection made to database.

Use php5.5!! hide php!! chmod 0655 of all folders and files inside /var/www or whatever directory you use to host your sites plus the /www/ folder needs to be chmod 0655.

firefly007 17th August 2015 14:28

It depends on what security hole you are referring to. If you are talking about SQL injection then it depends on where and what. You need to understand that the HTMLOUT variable returns the markup (HTML) and therefore should not be vulnerable to SQL injections.

BamBam0077 17th August 2015 15:00

If that htmlout holds unsecure functions and variables, a hacker could find u-232 a general access all day fun house. Hope that makes more sense as to why I said that.

Forgive Me
BamBam0077!

firefly007 18th August 2015 19:18

I would not sanitize $HTMLOUT variables but rather the unsecured variables contained within it.
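An added example (not part of the thread and not U-232 code) of the distinction made in the post above: escaping each untrusted value as it enters the markup, versus escaping the finished buffer, versus the renaming suggested earlier in the thread. The helper `e()`, the `render_*` functions, the `details.php` link and the sample row are all hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape one untrusted value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Untrusted fields are concatenated into the markup as-is.
function render_unsafe(array $row): string
{
    $htmlout = '';
    $htmlout .= "<tr><td><a href=\"details.php?id={$row['id']}\">{$row['name']}</a></td>";
    $htmlout .= "<td>{$row['uploader']}</td></tr>";
    return $htmlout;
}

// Identical logic under a longer variable name: the output does not change.
function render_unsafe_renamed(array $row): string
{
    $INSTALLER09_HTMLOUT = '';
    $INSTALLER09_HTMLOUT .= "<tr><td><a href=\"details.php?id={$row['id']}\">{$row['name']}</a></td>";
    $INSTALLER09_HTMLOUT .= "<td>{$row['uploader']}</td></tr>";
    return $INSTALLER09_HTMLOUT;
}

// Each untrusted field is cast or escaped at the point it enters the markup.
function render_safe(array $row): string
{
    $htmlout = '';
    $htmlout .= '<tr><td><a href="details.php?id=' . (int) $row['id'] . '">'
              . e($row['name']) . '</a></td>';
    $htmlout .= '<td>' . e($row['uploader']) . '</td></tr>';
    return $htmlout;
}

// Constructed sample row, standing in for user-controlled database columns.
$row = ['id' => '7', 'name' => '<script>alert(1)</script>', 'uploader' => 'Tom & Jerry'];

$unsafe  = render_unsafe($row);
$renamed = render_unsafe_renamed($row);
$safe    = render_safe($row);
$whole   = e($unsafe); // escaping the whole buffer also escapes the page's own tags

var_dump($unsafe === $renamed);                 // renaming changes nothing
var_dump(strpos($safe, '<script>') === false);  // injected tag is neutralised
var_dump(strpos($whole, '<tr>') === false);     // legitimate markup is destroyed
echo $safe, PHP_EOL;
```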

BamBam0077 19th August 2015 08:39

If you do not sanitize, your developments will be just another script hackers will enjoy.

Sorry but it is time we all stepped up and cared about every script we contribute into.

This is my first step so please do listen and do pay attention. If you're clever enough to build an engine base then you always know that you have security in your mind the entire build, not till 1,000+ bases are hacked in 21 seconds.

So I am asking the development to step it up, and if they don't want to recode it all, I got 365 days (currently working on pre asylum) on my shoulders so I can help when you need me. You scratch my back, I'll make sure to step it up a notch.

ArcticWolf 19th August 2015 10:45

pffft just cause you don't understand $htmlout is just a display :P don't mean it's not safe LOL
I suppose in your way of thinking print and echo not safe too..

Any site on the planet is susceptible to attacks if people want to try hard enough.
Wow I want to hack something, let's see, dl the source, check what vars it's using.. hack it. Simple.. don't matter if you change the vars unless you go through and change them all for only your site and NEVER give stuff out...........

Quote:

Originally Posted by BamBam0077 (Post 47331)
I am not sure if anyone else has picked it up, but all their variables allow a hacker into the site, so I would strongly suggest changing all single variables to longer variables and making them clear. Also, your functions need to be more secure and clear.

$htmlout .= ""; not valid!

$INSTALLER09_HTMLOUT = ""; valid!


BamBam0077 19th August 2015 11:37

Ok hitler, I forgot that development languages have been around since dinosaurs. Forgive me but I been researching hackers for the past 3 years and I am telling you hackers don't give a fuck about your intelligence, they care about the fucking dictionary & Bible words you use everyday in development because you make them like everyone in the development communities.

I found out sha5 is your best bet with double_check().

firefly007 19th August 2015 17:46

Dude! (BamBam) do whatever you have to bud:) Being secure is a good policy but what's even better is securing the right things.. I have nothing further to really say.. Good luck to you and all your endeavors.


All times are GMT +2.