dear matt, i have experienced a security hole in wordpress 2.6.1.
someone has installed a file called besucher.txt in the root of the blog.
Flash Tag Cloud 0.4
Flexo Archives 1.0.12
Get Recent Comments 2.0.2
Highlight Author Comments 1.0.3
Snazzy Archives 0.5.2
Subscribe To Comments 2.1.2
WP-PostRatings Widget 1.31
WP Auto Tagger 1.3.1
WP Super Cache
Hello Dolly 1.5
posted on the forum but no replies.
please excuse me for posting here, but i think this could be important.