1) Is this script the latest and most secure version?
2) Does this script have a good security track record?
3) Is this script made by a reputable group?
If the above conditions all have "Yes" as the answer, then you are already ahead of the game! Half the battle in using php scripts is ensuring the script is the latest and most secure version. The majority of attacks are not intentionally directed at you! They are simply random attempts on your site because the attacker found your domain name via a search engine when looking for strings common to a particular script. Thus, if an attacker is trying to compromise as many Mambo sites as possible, they will search for the version information common to Mambo sites, and then try the more common exploits.
After you have installed the secure scripts, ensure that you create a new MySQL user for the script, with a different username and password then the main cpanel account, and use this user to connect to the new MySQL DB you created for the script. This will ensure your cpanel/whm login info is never stored in the account in plaintext, as php scripts need to store the DB login information in plaintext on the account.