According to the latest Timthumb Vulnerability Scanner Plugin your included version 2.8 of timthumb.php is "vulnerable". I'm not the one to judge if this is true. But I have just spent 8-10 hours cleaning up after a timthumb vulnerability infection on a number of sites so I'm possibly a little over focused on this particular piece of code. Therefore I installed the timthumb Vulnerability Scanner Plugin that checks all possible installations and it helped me a few times. I manually updatede the outdated timthumb.php in Shortcode Ultimate to version 2.8.5 but this was overwritten when I just autoupdated Shortcode Ultimate to the latest update. Otherwise I'm really happy with Shortcode Ultimate.