For a few days, two files on a Sourceforge mirror were modified to ship malware with phpMyAdmin. 400 downloads went out before Sourceforge shut down the mirror. Instead of taking over the world, the bad guys were stopped cold. Globally, Sourceforge counted 50K downloads of phpMyAdmin this week. This is another good reason to check your checksums and scan for malware before using any file from the web. Further, I don’t recommend using phpMyAdmin from the web. One should at least add a couple more layers of security to it like blocking any connection to/from it not from the database-admin’s workstation or using SSH to port the database to the database-admin’s workstation and only using a local copy of phpMyAdmin there.
Using phpMyAdmin from a reputable distro is another layer of security not to be overlooked. I recommend Debian GNU/Linux. Their package manager does verify packages.