WordPress is like Windows, it's a huge target so hackers are extra-motivated to exploit it.There has been a bunch of brew-ha-ha over WordPress security over the last week or so. It started off a few weeks ago with a really easy URL hack to reset the Admin's password. That ballooned into a far nastier exploit allowing a new admin to be created who could totally hose a site. Matt Mullenweg does a little damage control here by essentially saying the best way to stay secure is to stay updated to the latest version. I wholeheartedly agree, and think that that step is just a part of a complete security breakfast (the upcoming book will have lots on security). I have probably nearly 20 WordPress sites I maintain and every single one of them was at 2.8.4. It's so trivially easy to upgrade, It's a no-brainer.