I've upgraded Drupal at fob.po8.org (and summer.cs.pdx.edu) to version 4.6.6, which apparently closes some fairly disturbing security holes. Thanks to Jamey for pointing out the problem report. I have to say that I'm getting pretty nervous about Drupal's "security".