I've had a conversation in #wordpress just now after reading some more.
On my host, default files are
If I change files to 400 (which means apache can read the file only) the server flips the permissions to 600 immediately. With perms of 600, apache can write to the file.
As I understand it, these kiddie scripts get apache to write to the files, so if apache has write access, my files can get compromised.
Apparently, this has less to do with the software than it does the way hosts set up their server environments. This exploit can affect any file anywhere - and it's just that phpBB, WordPress and other software is so widely used that they are the ones that are nailed each time. (I would hazard a guess that having common filenames is also an element?)
So from what I can gather, this WMF exploit does not look for WP files and find a security hole - it runs through a server that a host has set up lazily and cheaply. And hosts are hardly likely to hold their hands up to being cheapskates, are they?
What does not help is that many hosts do not allow files to be 644 - they require files to be much higher in order for them to be used normally. Although this does not affect this exploit and is another issue, I think this is an area where hosts should be explored to find out what's what - after all, if 644 can be bad enough, 666 just makes it worse (and again, not exclusive to WP).
(And I know this isn't addressing the /wp-content issue!)
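An added example, not part of the original post: a small audit that reports which files a given account could write to, using the modes mentioned above (400, 600, 644, 666). The file names, the helper names and the two account scenarios are constructed for illustration; only the classic owner/group/other mode bits are checked, not ACLs.

```python
import os
import stat
import tempfile

def can_write(mode, file_uid, file_gid, proc_uid, proc_gids):
    """POSIX rule: exactly one permission class applies (owner, else group, else other)."""
    if proc_uid == 0:                      # root bypasses the mode bits
        return True
    if proc_uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in proc_gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit_tree(root, proc_uid, proc_gids):
    """List (relative path, mode) for regular files the given identity could write."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and can_write(
                    st.st_mode, st.st_uid, st.st_gid, proc_uid, proc_gids):
                hits.append((os.path.relpath(path, root),
                             oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample files, one per mode mentioned in the post."""
    for mode in (0o400, 0o600, 0o644, 0o666):
        path = os.path.join(root, "sample-%o.php" % mode)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    # Run as a non-root user; root can write regardless of mode.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        owner, group = os.stat(tmp).st_uid, os.stat(tmp).st_gid
        # Assumption: the web server's PHP runs as the account that owns the files.
        print("as file owner:   ", audit_tree(tmp, owner, {group}))
        # Assumption: the web server runs as a separate, unrelated account.
        print("separate account:", audit_tree(tmp, owner + 1, set()))
```

To audit a real site, call `audit_tree` with the document root and the uid and group ids of the account the web server actually runs as.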