My website was recently hacked and I had a hard time figuring things out, but here's what I've done. (not sure if this will prevent it from happening again...)
First I tried to re-install WP. That didn't work because the access had been denied.
I tried using FTP to delete the WP files and folders. Access was denied again.
Finally I changed the permissions to 755 - fortunately this allowed me to delete all of the old WP files/folders.
I noticed that the '.htaccess' file had been changed - I deleted the offending code and saved the new file.
Now, I'm pretty sure that the permissions are set to 755/folders and 644/files.
Is there any other loopholes that still exist in 3.0?