Matt Mullenweg talks about the need to keep up-to-date with upgrades to guard against security threats:
Matt discusses a new worm which exploits a vulnerability in older versions of WordPress. The attack creates an admin user and executes code through the “permalinks” functions. The current version of WordPress, 2.8.4, is not vulnerable to this attack.
Keeping updates current is one of the best ways to guard against hacks. If you haven’t upgraded yet, don’t put it off any longer.