Security means two things for the Outfoxed extension. First, can it (or its helper applications) be exploited to harm users? And second, how safe is the users data from tampering?
The answer to second question is, unfortunately, that a user's data is not very safe at the moment. (Or rather, it is safe only in that it is not popular enough to have attracted the attention of would-be attackers.) The core problem is that the MDDB will listen to any application. So if an attacker was able to install a program on a user's machine, the program could modify the contents of the MDDB at will. False reports and informers could be added, for example.
The solution is to use the same public-key security measures which are planned for Outfoxed web security: The MDDB maintains a list of the public keys of applications which it will listen too, and performs a challenge-response protocol to any application wanting to modify (or retreive?) data.
[TODO: more needed. And seperate page for challenge-response/public key stuff.]