Sure, what you guys say is true in an advistory/absolute sense. Don't put your credit card number online, okay. But what about your family pictures, or your love notes, or your To-Do List, or your illness weblog?
With a few measures taken, people CAN use WordPress for your personal diary, NOT use it to attract visitors, stay OUT of most search engines. Perhaps a better answer to the original poster's question is how to accomplish a modicum of privacy for those who want such utility from WordPress (while understanding that the material is still on the internet and potentially accessible).
A very good essay on the Codex would be: _Privacy: Tips and Warnings_
My point is that WordPress doesn't have to fit 1 narrow definition of public blog competing for the most possible viewers. You can be relatively private with it if you want to. Finding out how, would be a good use for this thread.
For starters... (and the codex & forum should tell you this)
1. Disable all the RSS features (you will need to delete some of the wordpress files on your server). Another thread on the forum explains how, search for it w/ google.
2. make a Robots.txt file in the root level of your server, and tell search engines to ignore your private-blog folder. Look up robots.txt on google to figure out how.
p.s. because your current site has already been compromised, you might want to change the folder of your WordPress and change the URL's/permalinks, or just reinstall in another place; if that's not going to cause you some other problems.