There have been many flaws in WordPress over time, but it is extremely rare for WordPress to have a bug critical enough to enable a remote takeover.
What's most likely is that somebody got into another account on your shared server and was able to read and overwrite your files because you have incorrect permissions on those files. Set everything to 644 by default (your wp-config.php file should be 600, or 640 or 644, whichever is the lowest that allows the blog to continue to function). Some directories you may need to make 755. Occasionally (rarely) you may need to make one 775 or even 777. But those should be few and far between.
If you're running WordPress 2.0, you should upgrade to at least 2.0.8. There are some security issues that have been solved since 2.0. I would hold off on the 2.1 upgrade for now, unless you enjoy fiddling with things. :)