Lukas Smith has a new post today with a look at some of the security isues Chris Shiflett has mentioned with frameworks, and how his (Lukas') framework has focused a lot on the same topic.
In my framework I wouldnt say that I have really focused alot of energy on security. But I did recently add a number of input filters and validators as well as a custom echo function that defaults to the proper escaping based on the output format or that can be asked to specifically escape for a given format. This is all handled by the module base class (you will find the relevant methods towards the bottom).
I wrote a reply to Chris Zend Framework wishlist. He focused on security aspects that by and large the WebBuilder2 framework has already effectively addressed.
He also mentions some of the other precautions that they've taken to ensure that the framework is as secure as possible.
You can find the WebBuilder framework here...