There is a new release of WordPress that fixes a issue that allows an attacker to reset the first account in the database (usually the admin account). It doesn’t allow remote access, though can be fairly obnoxious.
More Information:
http://wordpress.org/development/2009/08/2-8-4-security-release/
http://core.trac.wordpress.org/changeset/11798