I think it would be a very good idea for moot to bite the bullet and pay for a moderately thorough security audit of 4chan's code.
This one-time investment would hopefully resolve most of the major/obvious security issues. Then the code could be open-sourced with moderate confidence that a million 0days would not be exploited instantly -- and the community can catch the obscure holes.
I have a feeling you could post the code on /b/ and find out about some vulnerabilities very quickly.
edit: On a more serious note, I've done some work with Palamida and been quite impressed. They can be pricey though. I know you're not keen to accept monetary donations, but I wonder if getting a reputable company to do it for free would work. I'm sure there's plenty of goodwill toward you in the technical community.
This one-time investment would hopefully resolve most of the major/obvious security issues. Then the code could be open-sourced with moderate confidence that a million 0days would not be exploited instantly -- and the community can catch the obscure holes.