I'm a little slow on this one - it was a busy weekend - but we've just pushed out a new security update for Habari following being contacted by High-Tech Bridge regarding a low-risk path disclosure vulnerability (HTB22732) and two potential medium-risk XSS flaws (HTB22731 and HTB22733).
Chris has provided more details in the announcement post for those interested.
As normal, you can download a zip file from the download page or check out the tag directly from Subversion. A new Developer Preview will released shortly to address this in that side of things. Until then, feel free to checkout the latest trunk.
Update: 0.7 DP3 is now available and includes the fixes for these issues.