There's no any benefits for the donators except for the attribution removal
@FrankBryan +1
People checking for attribution will do it through this Oxwall forum (if, say, you post your link here asking for help with something). They'll check to make sure the attribution is allowed to be removed. But if you never share your link, nobody from this site is likely to run across it randomly and then check its eligibility.
Also, security through obscurity isn't really security. I feel like it can help sometimes when it comes to script kiddies (like changing the port on your SSH server), but only to a small extent in terms of convenience. But if someone is trying to find a way to break through your security, you can bet they'll know what software you're running within the minute.
Don't worry about people finding out what software you're running. The only reason I wanted to remove the attribution after I donated was because I'm a web designer and like to keep things as perfect and clean as possible, down to the pixel. My users don't need to know I'm using Oxwall, but they can easily find out or simply ask. I'm not hiding it — rather, it doesn't need to be there because it's redundant information. They're not going to build a site, most of my target audience doesn't know anything about web development or running websites.
The most important thing is to keep your software up-to-date with security patches (should any arise) and keeping your server as locked down as possible with the correct permissions, restricting root access, and so on.
Franklin, those CSRF holes has already been fixed in one of the recent updates of the software.
As to the downloading database from the front-end, can you please shed some light on that. How did you do that?