To try and clarify a number of the points brought up in discussion around Hackage security in the past few weeks, Mathieu and I have put some time into trying to organize the information around this a bit. The result is the following page:
Contributions by others are very welcome. If you send a pull request, odds are you'll end up with commit access too.