Let's face it WordPress is by far one of the most popular and successful Open Source projects to date. It boasts users from every walk of life, in various different capacities. It is for these reasons that WordPress has of late become the target to an ever increasing rate of various malicious attacks and what not.
My suggestion is that instead of pleading with users to ensure their sites are secure (well at least as secure as we can make them) we be proactive and give them the tools to do so right out of the box per say.
This can either be accomplished by distributing the plugin(s) along with the core, much like Akismet is done, or more preferably build the functionality directly into the core.