One of our websites was hacked last night, 8/28/2013. The hosting company narrowed it down to malicious coding that was added to a plugin called 'easy-career-openings', which was uploaded to the site through WordPress.org. The entire site was wiped out and replaced with garbage links and tables. We implemented a 3-attempt login lockout, but that didn't stop the hackers. When they couldn't get in by changing our username/password, they went in through a weak plugin.
Question: Who at WordPress.org vets the plugins that are available through them?