what???? i Can't believe it... it's been 11 months and nobody answered this....
As WordPress support is entire volunteer-staffed and community-based, we can't answer everything. This particular topic was probably buried after the day it was posted.
Which files are optional and which files are needed for the wordpress to functionnate correctly and not be easily hacked into...
You can safely delete
/wp-admin/upgrade.php , and
There are two things to keep in mind here:
1. Whenever you execute and automatic upgrade, these files will be replaced.
2. Security issues are addressed as quickly as possible, so as long as you stay up-to-date, you shouldn't have anything to worry about.
3 of my blogs got hacked and another site got changed due to openings into my other WP blog...
I doubt it was due to any exploits in the above files. There is an unfortunately popular hack that's affecting all PHP files (not just WordPress) under a few popular shared hosting providers. Remain calm and carefully follow this guide. When you're done, you may want to implement some (if not all) of the recommended security measures.