Hi Mika,
I looked at your site. There are a couple of things.
You MUST upgrade. Your current version of WordPress IS exploitable – so yes, in a word, you have bad security.
Regarding the link — if you didn't put it there, then it's bad. Proceed as if your site has been hacked. Clean it up properly, and then upgrade. Upgrade your plugins as well.
Do not just upgrade and think that you've done the cleaning up part. That's not how it works, unfortunately.
For cleaning up:
Check for files that don't belong on your site (do this using an FTP client), directories that don't belong. Image files with changed timestamps — look at those. It's VERY common for there to be scripts on sites that are named in such a way to mask the fact that they're scripts.
Look at your permissions. Do you have world writable files? Any world-writable directories? Are they necessary?
You need to look inside your database. Look for rogue plugins being loaded, look for rogue users (specifically look for a user named wordpress). You will NOT see rogue plugins or rogue users in your wp-admin/ area. You need to check your database.
Change your MySQL password that WordPress uses (update your wp-config.php with that new password).
Change your FTP password.
Change any admin-level passwords on your blog.
Etc. There's quite a bit to do, more here:
http://wordpress.org/support/topic/277767?replies=7
Look at any other software that's being used on your site. Is it current?
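
The file and permission checks from the post above, as an added example that is not part of the original post: a Python script that walks a site tree and reports world-writable entries, image-named files whose content is not an image or contains script code, and PHP files under an `uploads` directory. The function names, the marker list and the sample tree are assumptions constructed for illustration, and the permission check only means something when run where the server's file modes are preserved.

```python
import os, stat, sys, tempfile

# Leading bytes of genuine image files, keyed by extension.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}
# Assumed marker list; a hit means "review this file by hand", not proof.
SCRIPT_MARKERS = (b"<?php", b"eval(", b"base64_decode(")

def audit_tree(root):
    """Return sorted (relative_path, reason) findings for a site tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's mode bits say nothing about its target
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if not stat.S_ISREG(st.st_mode):
                continue
            ext = os.path.splitext(name)[1].lower()
            # Assumption: uploads/ holds media only, so PHP there is suspect.
            if ext == ".php" and "uploads" in rel.split("/"):
                findings.append((rel, "PHP file in uploads directory"))
            if ext in MAGIC:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
                if not head.startswith(MAGIC[ext]):
                    findings.append((rel, "image extension, not image content"))
                if any(m in head for m in SCRIPT_MARKERS):
                    findings.append((rel, "script code in image file"))
    return sorted(findings)

def build_sample(root):
    """Create a constructed sample tree (placeholder contents, no real site)."""
    up = os.path.join(root, "wp-content", "uploads")
    os.makedirs(up)
    samples = {"logo.png": MAGIC[".png"] + b"\x00" * 16,
               "banner.gif": b"<?php /* placeholder */ ?>",
               "photo.jpg": MAGIC[".jpg"] + b"\xe0JFIF<?php /* placeholder */ ?>",
               "cache.php": b"<?php /* placeholder */ ?>"}
    for name, body in samples.items():
        with open(os.path.join(up, name), "wb") as fh:
            fh.write(body)
        os.chmod(os.path.join(up, name), 0o644)
    os.chmod(os.path.dirname(up), 0o755)
    os.chmod(up, 0o777)  # the world-writable directory the audit should flag

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) < 2:
        build_sample(root)
    for rel, reason in audit_tree(root):
        print(f"{reason}: {rel}")
```

Run it with the site's document root as the only argument; with no argument it audits the constructed sample tree.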