Give the gift of Drupal. All merchandise is 50% off through 2016.
The file manager packaged with versions of the fckeditor library older than 18.104.22.168 is vulnerable to a directory traversal attack, as described at CVE-2009-2265.
Therefore, I believe this module should refuse to activate the file manager if the installed version of the library is too old.
I personally only learnt about this problem via the debian security announcements list, which most Drupal site admins don't read. I believe that deprecating the older versions of this module is necessary for them to learn about this problem.
I have not written a patch because I preferred to upgrade this library for sites I maintain, and I believe the module maintainers can probably do this better, but if it would help I can write this patch and post it here.
(I have already reported this to the Drupal security team, but they informed me that security issues for external libraries not hosted on drupal.org are outside the scope of their responsibilities. I then reported this privately to a module maintainer via the user contact form on 18 July 2009, but received no response. So, I have decided to report this publicly.)