@annoyingmouse It doesn't appear that you have actually made contact with us first via the website about this matter, so please do so.
Rest assured, in the 5 years of running the Store Locator plugin, never had any security issues brought up -- so you would be the very first.
Looking at your WordPress profile, it appears that you are a security expert, correct? Would actually love for you to be a private security tester for us, always great to have outside eyes giving insights or feedback (private, because as moderator @esmi points out, part of security is handling it securely -- in case there are any mal-intended people out there).
About allegations of sloppy code, please read Joel Spolsky's (founder of the beloved website for developers, Stack Overflow, and the software that runs it, Stack Exchange) article, "Things You Should Never Do, Part I" (http://www.joelonsoftware.com/articles/fog0000000069.html).
Just an Excerpt:
The idea that new code is better than old is patently absurd. Old code has been used. It has been tested. Lots of bugs have been found, and they've been fixed. There's nothing wrong with it. It doesn't acquire bugs just by sitting around on your hard drive. Au contraire, baby! Is software supposed to be like an old Dodge Dart, that rusts just sitting in the garage? Is software like a teddy bear that's kind of gross if it's not made out of all new material?
The point is, after 5 years of development, if you're just meeting the code now, of course it may be intimidating to you, but believe me, it's battle-tested and security-inspected. However, 2.0 actually has focused a bit on organizing some aspects of it -- without losing the benefits of years of testing and bug fixes.
Security testing is a routine part of the Store Locator updates -- checking for potential database vulnerabilities, making sure the filesystem is secured while still allowing the plugin to perform its duties, making sure to take advantage of the WordPress security hardening that occurs during their updates, making sure to reveal as little as possible on client-facing portions -- amongst other things (personal background: have worked two National Census projects as an IT consultant -- Canada 2006 & USA 2010, so I know a bit about security myself).
Most importantly, your feedback would be truly welcomed @annoyingmouse, please do so very soon via email so it can be considered for the 2.0 release ... all the best.