The issue of transaction malleability has been a prominent one during the last couple of weeks. It’s quite likely MtGox, and maybe others, suffered some losses because of it.
The core of the issue is that the ID of Bitcoin transactions can, under certain conditions, be changed. It is just the ID that can be changed though, not the transaction contents.
This has been exploited by some malicious users who managed to get some exchanges to send money multiple times for the same withdrawal request.
The reason for which this is not a problem for Bitcoin-Central is that we understand that it’s not wise to let an automated system send large amounts of money in irreversible transactions without constant human oversight.
We’re not immune because we have specific technical measures in place, we are immune because we track what we do, we can track what we do because we’re properly organized to do so. When you send a single transaction per day batching all the withdrawal requests it is much easier to not get fooled by a user who claims he didn’t receive his funds.
The security of an automated system also lies in the organizational procedures that are in place to ensure proper human oversight on sensitive actions.
It wouldn’t be very secure to let an ATM dispense gold ingots, it’s not very secure either to let an automated system send hard cash over the internet.