Originally Posted by AaronM

I uninstalled it 2 days ago from ever WP site I have after one of my sites was attacked by exploiting a vulnerability in that very security plugin. While researching the issue, I discovered that the company's own website was recently hacked due to them not encrypting user names and passwords.

http://www.poststat.us/ithemes-secur...nd-disclosure/