The latest release of Joomla, 1.5.17, is welcome as it deals with a security vulnerability affecting the password reset function - see http://www.spiralscripts.co.uk/Joomla-Tips/joomla-password-security.html . For added security you can download for free our plugin which blocks the front-end password reset function for administrative users.
100% security is probably not possible with Joomla or any other system, but with a little work it is possible to keep out most attackers. A good place to start is the Joomla Security Checklist.