Update: I just tested it on my server and it hurts. Dirty exploit:
top - 13:29:56 up 36 days, 1:06, 12 users, load average: 45.95, 13.40, 4.66
I'm working on a workaround...and
<Files ~ "wp-trackback.php">
Deny from all
Add that to your apache config file to disallow wp-trackback.php on every site hosted on the server.
A nasty workaround, but will help until a real fix is out.