Just wanted someone at wordpress to know that somehow a hacker was using twentyten's search.php to send out spam emails from my host. Not sure if you can find a way to prevent this or not. They were using the sendemail command (I believe), when I looked at my mail log.
It was from an old website that I had setup and have since removed it completely to prevent the hacker from accessing it. So, I'm not sure of the exact version that it was, but I created it earlier in 2012.