Beta 6 includes a security fix: earlier 1.3.0 beta releases may be vulnerable to a PHP inclusion attack if you have allow_url_fopen and register_globals on (this is the default configuration in PHP 4.1.x, but register_globals is off by default in 4.2.x and later).
Incidentally, a side note about this. From what I've read, you cannot set allow_url_fopen by using ini_set - it's an admin value only. I think I saw an attempt to turn this off in one of the source files. Is this "just in case" sorta stuff?
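As an added example (not code from the project discussed above), the script below checks whether a runtime ini_set() call on allow_url_fopen actually took effect instead of assuming it did, and resolves includes from a fixed allowlist so the result does not depend on either setting. The names ini_is_on, try_disable_url_fopen, resolve_include, the modules directory and the module names are all hypothetical.

```php
<?php
// Added example: hypothetical names throughout, not the project's code.

// True when a boolean ini directive is enabled (ini_get() returns a string or false).
function ini_is_on($name) {
    $v = ini_get($name);
    return $v !== false && !in_array(strtolower(trim($v)), array('', '0', 'off', 'no', 'false'), true);
}

// Try the runtime switch-off, then report what is actually in force.
// ini_set() returns false when the directive cannot be changed from a script.
function try_disable_url_fopen() {
    $accepted = (@ini_set('allow_url_fopen', '0') !== false);
    return array('accepted' => $accepted, 'still_on' => ini_is_on('allow_url_fopen'));
}

// Map a requested name to a file under $base_dir, or false.
// Only allowlisted names pass, so a URL or ../ path never reaches include.
function resolve_include($name, $base_dir, $allowed) {
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        return false;
    }
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return false;
    }
    // Belt and braces: the resolved file must still live under the base directory.
    return strpos($path, $base . DIRECTORY_SEPARATOR) === 0 ? $path : false;
}

// Assigned unconditionally, so register_globals cannot pre-seed either variable.
$base_dir = dirname(__FILE__) . DIRECTORY_SEPARATOR . 'modules';  // assumed layout
$allowed  = array('header', 'footer');                             // assumed module names

$status = try_disable_url_fopen();
printf("ini_set accepted: %s, allow_url_fopen still on: %s, register_globals on: %s\n",
    $status['accepted'] ? 'yes' : 'no',
    $status['still_on'] ? 'yes' : 'no',
    ini_is_on('register_globals') ? 'yes' : 'no');

// Constructed request values: one legitimate name, one remote URL, one traversal.
// 'header' is also rejected unless modules/header.php exists next to this script.
foreach (array('header', 'http://example.invalid/x', '../config') as $requested) {
    $path = resolve_include($requested, $base_dir, $allowed);
    echo $requested, ' => ', ($path === false ? 'rejected' : $path), "\n";
}
```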