exploring the directory can be separately disabled.
the real risk comes from someone else who has access to your server. perhaps another web account on the same server. or a poorly written php script that allows a program to be uploaded that pretends to be a picture. let's say you let people upload pics without any checks, and a hacker uses it to upload a program. If you have execute access to the directory, he might be able to use that space to install *and run* his program.
now, these days, a chmod of 777 is not as risky as it sounds, at least not on a server wide level. it's just one layer of security. each virtual account is usually chrooted (actually, i don't think cpanel accounts do that, unless that's changed from the last time I used cpanel). you are running your own sort of virtual server environment. in other words, someone who hacks another persons account generally won't be able to even see your account space.
to hack into your space, it really needs insecurely written scripts in order to do it. so one thing to be concerned about is any plugin that uploads something. it simply must check the data it's plomping into your account space is actually what it's supposed to be.
the topic is too large to discuss here, and i'm not an expert. I've had encounters with some of these issues though. php, mysql etc. can have their own security flaws. be sure your webhost is on top of that end. for your end, be careful what you install into wordpress, and keep wordpress up to date. if a hole is discovered plug it. worry about these things more than a directory that has permission of 777. but still, change it to 755 if you can.