I wouldn't touch PHPNuke with a 500,000 foot barge pole. It's the buggiest piece of PHP code I've ever come across. Because of all this poorly written code, there are numerous security holes and issues and this includes the latest releases.

The main issues seem to be poor checking of user supplied input which is then directly put into a SQL query without any escaping of the strings. This includes variables passed by the client and also cookies stored on the client.

If you do decide to use it then be prepared for immensive amounts of patching. I have the misfortune of having to host a couple PHPNuke sites for some people. Every few months I have to do a mass security hole fixed up as they've been hacked. YMMV.