Erik Petersen of TRILOS reached out to me today about Verve Meta Boxes. As the developer of the plugin I must apologize for not keeping it updated. I have been working at a startup which takes all my time. Here are some things I can tell you:
The timthumb security vulnerability was removed in version 1.2.9.
I currently run Verve Meta Boxes on a busy version 3.3.1 wordpress site - ymmv however.
I plan on putting the plugin on Github this week. Will post here the location of the archive when I do. If you have less than version 1.2.9, please email me (you can find my email at the bottom of my site: avenueverve.com), and I will send you a zip archive.