1. Don’t pass your domain account info to anybody. That means avoiding PHP “gurus” from freelancing sites. Cheap does not mean good and secure.
2. Rename your /admin (Administration area) to whatever you like and password-protect it. Oh, admin12345 is not a password.
3. Update your cart as soon as a new stable release is available.
4. You don’t need 777 files …
5. Install an osCommerce security contribution like Osc_sec: http://addons.oscommerce.com/info/7834
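
A read-only audit for items 2 and 4, as an added example that is not part of the original list or of osCommerce itself. It assumes an Apache host where the admin area is protected by an `AuthType` directive in `.htaccess`; the function names and the paths passed in are hypothetical.

```shell
#!/bin/sh
# Added example: read-only checks for list items 2 and 4.
# Assumption: Apache, with the admin area protected via .htaccess.

# Item 4: files/directories whose mode is exactly 777.
# Symlinks are skipped; they always show as 777 on Linux.
find_777() {
    find "$1" \( -type f -o -type d \) -perm 777 -print | sort
}

# Superset of the above: anything the "other" class can write (666, 757, ...).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Item 2: warn if the admin directory keeps its default name or has no
# AuthType directive in its .htaccess. $2 is the directory name you chose.
check_admin() {
    root=$1
    name=$2
    if [ "$name" = "admin" ]; then
        echo "WARN: admin area still uses the default name /admin"
    fi
    if ! grep -qi '^[[:space:]]*AuthType' "$root/$name/.htaccess" 2>/dev/null; then
        echo "WARN: no AuthType directive in $name/.htaccess"
    fi
    return 0
}

# Usage: sh audit.sh /path/to/catalog admin-dir-name
if [ "$#" -eq 2 ]; then
    echo "== mode 777 =="; find_777 "$1"
    echo "== world-writable =="; find_world_writable "$1"
    echo "== admin area =="; check_admin "$1" "$2"
fi
```

The script only lists findings; it changes no permissions.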