Guess it's time to update: WordPress is out with version 3.0.2, and they describe it as
a mandatory security update for all previous WordPress versions.

Anyway, the updated features are:

* Fix moderate security issue where a malicious Author-level user could gain further access to the site.

Other bugs and security hardening:

* Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
* Fix canonical redirection for permalinks containing %category% with nested categories and paging.
* Fix occasional irrelevant error messages on plugin activation. (#15062)
* Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
* Clarify the license in the readme.
* Multisite: Fix the delete_user meta capability.
* Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins.
* Multisite: Fix ms-files.php content type headers when requesting a URL with a query string.
* Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs.

Source: Version 3.0.2, WordPress Codex