Step 1: When hacking a site, pull up the HTML source code, look for indications of the server running scripts with vulnerabilities.
Step 2: Search the web for reports of security flaws regarding aforementioned server scripts
Step 3: Hack said site using exploits matching the version the webmaster so helpfully advertised to you
It only takes one vulnerability of one version to be very bad news, as when you advertise version numbers (let alone scripts), you are helping the world select the perfect exploit to use.
Not all exploits are found by white hats and reported. There could be a flaw in any version of any plugin, and so long as they are advertised in html, people are far more at risk.
It is security through obscurity, which is not ideal, but is certainly preferred to advertising "I'll help you hack me!" in your html source. Even wordpress adds a version # in the html source, which they should absolutely know better.
To all who wish to remove the wordpress version # from your html, seeing as the topic is here, add this to your theme functions.php file:
There may be a similar method to prevent SEO from adding the version # to the html source, but I'm no wordpress developer. I got that code from this security conscious article which warns of exactly what I just mentioned.
Again, Yoast makes a wonderful plugin, but with anything this complex made by one guy, mistakes can happen, and advertising a script and version number does nothing but help hackers hack. The best wbesites out there are the ones you can't tell what script they run or, better yet, make you think it is a different script running in a different language.