Mediawiki is perfectly safe. If you are a careful IT manager with free
time you can harden it into a chroot and if you are REALLY paranoid
you can disable uploads altogether and link images in some other way
from external URLs.
that's a good point... we can't upload images at the moment...! is this
a difficult thing to change? (I may not bother so if it's complex, don't
worry about it...). I will have to fight to get direct access to the
software and am not experienced in tinkering with it anyway...!