Here is Matt Mullenweg, the guy behind WordPress. He is here to explain to all how to keep WordPress secure.
A stitch in time saves nine. Upgrading is a known quantity of work, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. Fixing a hacked blog, on the other hand, is quite hard. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)
Rather than listening to “charlatan” security experts, the most important thing is to keep your WordPress blog updated. So what are you doing: are you upgrading or not?
WordPress Blog – How to Keep WordPress Secure