Mediawiki is perfectly safe. If you are a careful IT manager with free time you can harden it into a chroot and if you are REALLY paranoid you can disable uploads altogether and link images in some other way from external URLs.
that's a good point... we can't upload images at the moment...! is this a difficult thing to change? (I may not bother so if it's complex, don't worry about it...). I will have to fight to get direct access to the software and am not experienced in tinkering with it anyway...!