Well, a few security notices to be aware of:
Andrew's Note: In this first one, I guess it's no surprise that using an outdated embedded JVM that can't be managed outside the client install, and thus can't be updated, may be vulnerable. I suggest disabling external applets if you're not doing that already. Sad to see this one.
Technote# 1173910: Security vulnerabilities reported with Java applets
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21173910
SPR#: KSPR5YS6GR, KSPR62F4D3, KSPR62F4KN
Status: Workaround available and described in technote; fixes are under investigation for a maintenance release
Reported by Jouko Pynnonen
Andrew's Note: This is specific to users who you allow to use IMAP to manage their mail files, but if you run IMAP at all and you rely on database size quotas, your users could change the quotas this way using the IMAP port, then use Notes but have no quota. Since IMAP is basically Outlook Express only, if there is no need for it, disable it.
Technote# 1173947: Setting Mail DB quota via Telnet on IMAP overrides settings.
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21173947
SPR# SEGN5VEFHE
Status: SPR under investigation; if reproduced, will be fixed in an upcoming maintenance release
Reported by Andreas Klein on Bugtraq; many advisories issued
Andrew's Note: This one is icky. Someone sends a user a mail message containing the exploit. If the user reads that message using iNotes Web Access the server can be made unavailable. Watch for this if you run iWA.
Technote# 1173969: Lotus Domino Web Access Malicious Email View Denial of Service
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21173969
SPR#: DMEA5VDS95, KMES5YA2Q8
Status: Workaround available and described in technote; fix planned for next maintenance release (6.0.5/6.5.3)
Reported by Andreas Klein on Bugtraq; many advisories issued