Branchable blogs were vulnerable to a cross-site-scripting issue involving comment posting. The underlaying security hole in Ikiwiki is CVE-2010-1673.
This hole has now been fixed on all Branchable sites, and as far as we know, was never exploited in the wild. --Joey