Pharo started as a fork of Squeak to target "practical" Smalltalk development. The two environments use the same virtual machine, same image format, and share nearly all of the low-level class libraries. They use the same version control systems, and (last I checked) shared the same fileIn/fileOut format as well.
At the same time, I don't think it's fair to say that Pharo is merely a rebranding. The two projects are taking increasingly different directions: while Squeak shows no sign of wanting to remove its educational and research packages, Pharo is narrowly focused on making a tiny, lightweight environment suitable for corporate and commercial development. Where Squeak is concerned about keeping backwards compatibility with its previous releases, Pharo has been very willing to break compatibility in the name of slimming things down, speeding things up, and just generally simplifying the library system. The two systems now have different compilers, will soon have different FFI (native code) interfaces, and have increasingly divergent windowing systems.
For these and other reasons, I treat Pharo in my mind as a currently-mostly-Squeak-compatible Smalltalk, and not as a mere "rebranding" of Squeak. As time progresses, I would expect the situation to get closer and closer to Emacs/XEmacs, where it's possible to make programs that run under both systems, but most people target one or the other.
I have absolutely no idea what security problem you're mentioning, so I have no idea whether the situation's better than Pharo. It'd be helpful if you could outline what you have in mind.