here is a suggestion for the people that matter at wordpress. It's sort of a basic idea, but one that I really think you guys and gals need to get a grip on:
Fix the current version before you release the next version.
There are many, many people out there using version 2.3.x to run their blogs. I know there is a "new" version 2.5.x out there, but that new version adds a bunch of features / code / options / forced choices that not everyone wants to make. Further, many bloggers are more interested in writing blogs, not uploading, updating, and trying to debug new features that they may or may not have wanted.
So the idea is this: There is a security hole in 2.3.3 - can someone please make a 2.3.4 or 2.3.final that fixes the security hole and gives people who want to stop the elevator at 2.3 a chance to run their blogs? Right now the choices are run an insecure blog that gets hacked repeatedly, or upgrade your blog and fix whatever else breaks in your theme, sidebars, and plugins and hope you can get back to the same level of operation you were at. I see too many people just not making that choice at all, and ending up with insecure older blogs with current posts, hidden link hacks, and all sorts of other problems because the choices presented aren't good for anyone.
The same at 2.5.x - rather than adding any more new features in the 2.5 range, can you please just fix, repair, and secure the current issues and complete the 2.5 tree at that point,and consider new ideas, new fuctions, or new database layouts for 2.7 (or even better, the long awaited 3.0.0).
Let's make the versions secure.