As you know a flaw was discovered recently which allows a malicious user to grab any db backup file created by PHPFusion. I have created a temporary solution whereby a random 8-character hash is added to the filename which should make it practically impossible to guess the filename. This is only temporary solution whilst the dev team come up with a long term solution. This fix has been added to the full download over at Sourceforge.
Existing users can download the patched db-backup file from the Downloads area.