Some beginner programmers shy away from using the relatively simple system and instead opt for other systems. However, any veteran of the programming world would be able to highlight that every single system which is live, at this time, is to a certain degree unsafe or unsecure - wherever there is interaction with external parties or information sent there is an opportunity to let a hacker in. In this sense, Joomla is no different from other content management systems which simply require basic setting up by you to close the majority of holes hackers can exploit.
Surprisingly enough the least taken advice is upgrade your Joomla package to the latest distribution. Joomla releases security patches and bug fixes all the time, many of which are available in the public domain via repositories for veterans to peruse before being "launched". By their very existence, security fixes imply there was a hole that Joomla have identified, usually after a problem, but have now fixed. It goes without saying neglecting to upgrade your Joomla installation to the latest version, or applying security patches if and when they are released into the public domain leaves your Joomla installation at greater risk that if you were to upgrade when necessary.
In any case, as previously mentioned, no system is 100% secure, as a result webmasters will always be encouraged to backup what files are live on their servers. Most hacking attempts aim at either defacing the website and its files or stealing user information. Backing up the databases that drive Joomla and the physical files onto either your local machine or a backup service online will leave you in a much better position, should your Joomla installation be hacked, as instead of having to reinstall the files, you can simply copy them back up!
It should go without saying all passwords for administrative accounts should be alphanumeric and consist of greater than 12 characters without any common phrases typically found in passwords such as; "password". Joomla have also recently begun to support add-on's which add another layer of security and authentication to the administrative portals on the back-end of the installation. One of the main problems with security around the administrative parts of Joomla is once a hacker has either guessed or worked out the administrator's password, there is very little the system can do. However, an add-on released by a Joomla add-on developer adds a further layer of security by restricting access to the administration panel login page depending on whether the user requesting the page has a key, which you set.
There is a variety of methods now available on the developers market for programmers of all skill to secure their Joomla installation thereby stemming the amount of successful hacking attempts on their site. Joomla can only secure their product to a certain degree; the rest is down to whoever installs it on their server.