The "current" version listed in Virtualmin for the Roundcube mail reader is not really current (0.1). There is an update (0.2-stable-dep) which addresses a security hole in 0.1 which enabled an attack by a flooding hacker.
I have upgraded to the 'unsupported version' for roundcube listed above. Previously, I had two attacks which caused my ISP to shutdown my bandwidth until addressed. Since upgrade last week, I've had no further problems.
If you use roundcube, I would strongly suggest the upgrade. Especially if you use roundcube from within an application. Hopefully the version will be updated in a newer version of Virtualmin.