The first line of defence for SPW is PeerReview. No code change is executed through SPW until the community has had a chance to review it. Any member of the community can veto any change, and any suspicious or ill-understood change should be vetoed.
This means that if an attacker wants to enter malicious code into SPW, they will have to find code which is malicious but which looks perfectly innocent to everyone else -- a tall order.
Currently, code changes are made via DoPatch and MeatBall:FileReplacement. With DoPatch, for instance, you enter a command on a wiki page that means, "SPW, integrate this patch into your code". SPW does not actually integrate the patch, however, until a set period (currently 4 days) has passed with no edits to the page carrying the command. So any member of the community can delay or veto the proposed change simply by editing the proposal page.
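As an added illustration (not SPW's own code), here is how that waiting-period rule can be modelled: the clock runs from the page's most recent save, so any edit delays the patch and removing the command vetoes it. The "DoPatch <name>" line syntax, the page/revision model and the sample histories are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed command syntax for this example: a line "DoPatch <patch-name>" on the page.
QUIET_PERIOD = timedelta(days=4)   # the 4-day quiet period described above


@dataclass(frozen=True)
class Revision:
    saved_at: datetime   # when this version of the wiki page was saved
    text: str            # full page text at that revision


def pending_patch(text: str):
    """Return the patch named by a DoPatch command in the page text, or None."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "DoPatch":
            return parts[1]
    return None


def review_status(history: list[Revision], now: datetime, quiet=QUIET_PERIOD) -> str:
    """Decide what SPW may do with the page's proposal at time `now`.

    The clock runs from the most recent save of the page: any edit, including
    one that removes the command, restarts the waiting period.
    """
    if not history:
        return "no proposal"
    latest = max(history, key=lambda r: r.saved_at)
    patch = pending_patch(latest.text)
    if patch is None:
        # A command present in an earlier revision but gone now has been vetoed.
        return "vetoed" if any(pending_patch(r.text) for r in history) else "no proposal"
    quiet_since = now - latest.saved_at
    if quiet_since >= quiet:
        return f"apply {patch}"
    remaining = quiet - quiet_since
    return f"waiting {remaining.days}d {remaining.seconds // 3600}h"


def status_after(history: list[Revision], days: int) -> str:
    """Status once `days` days have passed since the proposal was first saved."""
    return review_status(history, history[0].saved_at + timedelta(days=days))


# Constructed sample histories: one proposal delayed by a later edit, one vetoed.
T0 = datetime(2024, 1, 1, 12, 0)
PROPOSAL = "Proposal page\nDoPatch fix-login"
DELAYED = [Revision(T0, PROPOSAL),
           Revision(T0 + timedelta(days=2), PROPOSAL + "\nConcern: see talk page.")]
VETOED = [Revision(T0, PROPOSAL),
          Revision(T0 + timedelta(days=1), "Proposal page\nVetoed: patch not understood.")]
```

With DELAYED, the edit on day 2 restarts the clock, so the patch applies on day 6 rather than day 4; with VETOED, removing the command stops it altogether.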