My blog was hacked, see this thread for details.
I blame PHP. While it makes it easy to do a lot in a short space of time, it also makes it very easy to leave security holes in whatever you build with it. May PHP features are just begging for code-injection vulnerabilities unless you are very careful with how you use them.
One of these days I’m going to purge myself of PHP, which unfortunately will mean saying goodbye to WordPress :-/