Public scripts can be just as damaging.
When my sites were constantly under attack, my managed webhost put a password protect on my Wordpress login and Google slammed me with "increase in authorization errors" pointing to the login pages. Here's the discussion to that problem I raised [webmasterworld.com
...] Traffic plummeted - not the drastic drop-from-the-cliff kind, but the slow-but-sure kind that is sooo hard to climb back up.
I had to put the WP login pages in my robots.txt file to get rid of Google's authorization error messages.
I moved to a different managed server webhost with stronger protection layers against hacking. So far, no problems. Keeping my fingers crossed.
Hacking is just something many website owners don't think about until it happens to them. Just like me. When I got hit -- and boy, it was non stop -- it was painful. Only then did I take protecting against malwares and hacking seriously, and now religiously updates every Wordpress install and plugins as soon as available.