Hello,
I'm unsure as of what Symantec would do, but security has lots of ins and outs.
What we recommend is to harden your web server, only having SEOTOASTER running on it. No FTP services or any other application, so that you only have to deal with the possible security flaws found in your main application. It's a good rule of thumbs, that's the way we do it on our servers.
You can also restrict access to the web server by doing port filtering.
You can also add network level security by configuring your network as a diode (that's the way banks run web applications).
You also need to have a strong password policy in place
As far as the SEOTOASTER application itself, you can start by hiding the login into a different url than /go
Please check out to find out how we avoid storing any sensible credit card information:
http://www.seotoaster.com/pci-compliant-open-source-shopping-cart.html
Keep in mind that security is first and foremost a mindset.
As you've seen with the one vulnerability that was found on the V1 architecture, we openly communicate about it, and in fact fixed it before the security vulnerability was publicly released. We try to be equally pro-active in our software engineering.
As of today there's no known vulnerabilities to SEOTOASTER V2 CMS and E commerce.