Gallery 2.2.5 Hacked - pictures added

fraxinus

Joined: 2008-07-15
Posts: 4
Posted: Mon, 2008-10-06 16:26

I have a question, having just upgraded to Gallery 2.2.6 as my 2.2.5 installation had been hacked, with a few rather dubious pictures inserted in one of the galleries.
I have it integrated into Joomla using g2-bridge. It is all working fine at the moment, and offending pictures have been removed. (see http://www.weepingash.co.uk/new/index.php?option=com_g2bridge&view=gallery&Itemid=66 if you care to)

As 2.2.6 is a security release, I'm hoping that fixes the problem. But I would like to know what are the most appropriate security settings for files and folders - 644 for everything? - or are there any folders (either in the g2data root, which is at server root, outside of my public_html directory, or in the gallery2 folder within the www root) which need specific settings?


Gallery version = 2.2.6 core 1.2.0.8
PHP version = 5.2.6 cgi-fcgi
Webserver = Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Database = mysqlt 4.1.22-standard-log, lock.system=flock
Toolkits = Exif, Getid3, ImageMagick, LinkItemToolkit, Thumbnail, Gd, SquareThumb, NetPBM, ArchiveUpload
Acceleration = full/900, full/900
Operating system = Linux cpanel3.uk2.net 2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007 i686
Default theme = classic
gettext = enabled
Locale = en_GB
Browser = Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.3) Gecko/2008092414 Firefox/3.0.3
Rows in GalleryAccessMap table = 15
Rows in GalleryAccessSubscriberMap table = 206
Rows in GalleryUser table = 4
Rows in GalleryItem table = 204
Rows in GalleryAlbumItem table = 11
Rows in GalleryCacheMap table = 1

scaturan

Joined: 2004-09-12
Posts: 988
Posted: Mon, 2008-10-06 16:55

my 2 cents:

know your users, monitor your site on a regular basis, and most importantly - have a look at http://codex.gallery2.org/Gallery2:Security
~/g2data/ should be situated outside the webroot (public_html) and since you're running PHP as CGI you can even trim down the permissions even more.

___________________________________________________
http://pixi.me/
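
An added example, not part of the thread or of the Gallery project: a small audit for the two points raised above, whether g2data sits inside the web root and which files or directories are writable by group or other. The script name and the three paths passed on the command line are assumptions, and it treats group/other write bits as unnecessary on the assumption that PHP CGI runs as the account owner.

```shell
#!/bin/sh
# Added example (not from the thread or the Gallery project).
# Usage (hypothetical script name, paths are assumptions):
#   sh g2_perm_audit.sh /path/to/g2data /path/to/gallery2 /path/to/public_html

# Resolve a directory to its physical path, following symlinks.
phys() { (cd "$1" 2>/dev/null && pwd -P); }

# Return 0 if directory $1 is, or lies beneath, directory $2.
# Returns 1 if it is outside, 2 if either path cannot be resolved.
is_inside() {
    d=$(phys "$1") || return 2
    r=$(phys "$2") || return 2
    case "$d/" in
        "$r"/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print every file or directory under $1 that group or other can write to.
audit_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Run the audit only when all three paths are supplied.
if [ "$#" -eq 3 ]; then
    g2data=$1
    gallery2=$2
    webroot=$3
    if is_inside "$g2data" "$webroot"; then
        echo "WARN: $g2data is inside the web root $webroot"
    else
        echo "OK: $g2data is outside the web root $webroot"
    fi
    for dir in "$g2data" "$gallery2"; do
        echo "Group/other-writable entries under $dir:"
        audit_writable "$dir"
    done
fi
```

Anything the script lists is a candidate for `chmod go-w`; confirm Gallery still works after each change, since the right modes depend on which user the web server runs PHP as.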

fraxinus

Joined: 2008-07-15
Posts: 4
Posted: Mon, 2008-10-06 21:29

Thanks for the pointer to the codex scaturan, I had yet to discover that.

My g2data is outside the web root, so that's covered, but I'm new to PHP and am unclear what running it as cgi actually means! I will read through the security info though and see what else I need to do.

floridave

Joined: 2003-12-22
Posts: 11717
Posted: Tue, 2008-10-07 03:22

If photos were added and they show up then a user with permission must have added the images via gallery.
Or they had permissions to change an existing image in the g2data directory.
I would change passwords for all users that have add permissions in gallery. Perhaps there is an issue with Joomla and you have given users in Joomla permissions to add items.

Do you know when it happened? Do you have access logs for that time frame?

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
