The United States Department of Homeland Security and the National Institute of Standards and Technology maintain a National Vulnerability Database. I periodically check it out to see what are the latest FileMaker vulnerabilities and it is just part of keeping on top of security. If you make security plans for a US Government agency, you are probably quite familiar with this. Right now the following 4 vulnerabilities are the only ones listed right now, none specifically for FileMaker 14. Obviously we want no vulnerabilities. But just for comparison, the same time frame (3 years), Microsoft's SQL Server had 62 vulnerabilities, MySQL had 237 vulnerabilities and Oracle had 1717 vulnerabilities. Note that FileMaker has not had a "High" level security vulnerability for at least a decade (as far back as I searched).
People often put off upgrading their software because it is working and they have not had problems, but mostly because they don't want to pay for the upgrade. But staying even one version back has vulnerabilities as you can see here. I recommend all of my clients have annual or maintenance licenses, especially on their server software to keep up on security.
Note that the low number of FileMaker vulnerabilities should be a good marketing point when trying to sell FileMaker over other platforms.