I'd like to call your attention to this thread: http://groups.google.com/group/google-reader-troubleshoot/browse_thread/thread/39a7eef288c65dd0.
The thread describes how my own and others' blogs have been successfully hacked. At least four other people in the group and I have WordPress blogs. The effect is that spam posts show up in Google Reader although it does not appear on the person's own site. In the thread, Nick 120 correctly identifies the spam as showing up in a Google cache view (Source view) of my blog.
Seems like you'd want to know so that a security fix could be created.
My host support people (Oxxus.net) are removing the hacker's code and have removed some but not all. It appears to them that the attack was to 2.7.1 code. I'm on 2.8 now but the spam is still showing up.
Thanks, and if you have more information that could help us out of this jam that would be great.