Those of you who are concerned about security are 100% right.
Answering security concerns by providing stats on the number of downloads is 100% useless.
Regarding the issue we are talking about here, you should read the following announcement if you are running WP <= 2.0.5:
http://www.hardened-php.net/advisory_022007.141.html
You might also want to read more about SQL injection.
If you are a developer (let's say a WP developer...), I would highly recommend that you use AT LEAST bind variables in all your SQL scripts and avoid any string concatenation in your SQL statements, among other things.
I haven’t read a single line of WP code, but the exploit is related to SQL injection.