With the proper authorizations many people can perform a penetration test of the web site.  It should be fairly easy to run one, or contract to do it, and publish the results.  It would certainly be worthwhile to have some evidence of security in place. 

Some people can do the pen testing without authorization but not legally from the USA.