In the case of these sorts of scripts, I tend to take the stance that it doesnt matter whether or not something is currently exploitable and here's why:
For arguments sake, lets say the current WP core isnt exploitable. Thats wonderful. What about plugins? What about in the future?
Ive seen hundreds, nearly thousands of attempts at this sort of thing in my own mod_sec logs. 'They' do not hammer away at one file. They try all kinds of files, including well-known plugin filenames.
Ive also seen attempts at files that dont even exist .. gallery files, coppermine, phpBB files, joomla files.. etc..
Gallery and coppermine are rife with users that dont take care of security upgrades, more so than WP, in my opin.
Consequently, if one can take steps to stop them BEFORE they get through the door, why not do it? Its called layered security :)
Advising otherwise is like telling someone that there hasnt been any crime in their neighborhood for the last month so they should feel safe leaving their front door open.
And yes, Otto, I know you werent directing your remarks(s) @ me.