I guess everyone knows by now about what happened with WordPress release 2.1.1. It seems that a hacker managed to get an account on one of the download servers and tampered with some of the releases. He added some exploitable code that allows remote control of the blog (e.g. this usually means the possibility to delete all content). Then someone found this piece of code buried inside one release package and notified WordPress. They put up a new minor release fixing this exploit and some other bugs and are trying to find out who did it.
That’s pretty much the summary of what happened, and it is only to remind us of how important security is in the world of software. Even blogging software. So, if you’re using WordPress 2.1.1 you should update. You may not be affected, but why risk it?