Firstly its not CSM its CMS - Content Management System
Secondly the mambo sites that were hacked most likely had not patched their systems. Which is important no matter what CMS you use. Security holes are a given in any program they will always be there.
Thirdly when choosing a CMS you need to consider what you are going to use your site for and what you are comfortable using. Just because someone or a group likes a particular CMS doesn't mean it's the right one for you.
Finaly going back to security if you keep your site updated you will reduce the chance of it been hacked.