I spent the past few days in the VERY unpleasant situation where I had to remove tons of spam-sending scripts from a couple of websites I host. These were in relation to unsecured, unmaintained Joomla! installations, and exploited the cache folder. I won't bother you with the why or how, just know that the vulnerability existed, and has been fixed for versions 2.x and up -- NOT 1.x. Here's the simple way to secure yourself without changing the Joomla site code.