I just upgraded today to 2.6.1 after being really lazy and was still on 2.1.
Reason for my upgrade was exactly what's being discussed here... Spam links in the source code of posts.
They were on individual posts and thank goodness on less than 20 posts, which I still had to manually edit.
One post had 3,075 links... Can you believe this????????? (no, I did not count.. lol... I pasted the links into NotePad2 which numbers each line)
I freaking had a MAJOR heart attack when I saw those links in the source, but a bit of relief when I saw that it was nowhere on the actual page/post and did not show on Feeds (I have tons of subscribers for my Feeds).
Anyway... Upgraded WP just a few hours ago and now I'm crossing my fingers as I haven't given enough time to see if the problem is solved.
Just hope that spammers won't find any new flaws on 2.6.1 in case it was fixed.