The Scratch website is transmitted over HTTPS, which ensures both that the pages are truly coming from the Scratch servers and that the pages are truly meant for the end user's browser.
Additionally, Scratch employs the technique of "sanitizing database queries", which prevents attackers from gaining access to arbitrary data. As well as that, much of Scratch's code is open source, which allows community members to point out flaws before they can be discovered by attackers.
Thus most attacks will be psychological, which makes Scratch Safety extremely important. Do not, under any circumstances, give away any personal information to anyone on Scratch, no matter how convincing they may be when they say they won't misuse such information. Anyone asking for personal information or threatening to hack Scratch should be reported.