I just think there is a big problem and no one is addressing it.
Sorry, only one cup of coffee and I hope you can appreciate my early morning humor.
What's not being addressed? One of the top sticky links on the forum:
From the Codex
iridiax had already posted a reply that clearly said plugins were "most likely these were not the cause of your hack" and gave you a link for remediation of your problem.
If a vulnerability gets discovered it get's addressed in short order. WordPress is used my a metric ton of people on the Internet so it's no surprise that it's a popular target for hacks. Spammer/exploiters go where the market is.
I still have no idea how I was hacked if I had version 2.8.4.
Neither do we. What you need to understand is that you got hacked but you have not identified if it was the remnant of you using an old version or your server was hacked. Or maybe you've been hacked and your passwords were captured. Or the boogey man.
It's a common refrain: "I don't know how I got hacked. I'm running WordPress so that must be it. Why is this not being addressed?"
Finding out how you got hacked does not work by process of elimination. Web servers are too complex to say "I ruled out everything so it must be XYZ". If you can provide logs showing where the entrance point of your compromise was, and can demonstrate that it was WordPress 2.8.4, send the logs and a description of the exploit to firstname.lastname@example.org.
But if security isn't given enough attention I'll be faced without a tough decision.
If you keep getting hacked and it's happened to you before or you switched from an .ASP solution to avoid being hacked, then seriously, consider moving to a managed service.
Good luck. I hope you find the entry point; if not you'll get hacked again.