WordPress.Com, which is not the self hosting part of WordPress, has had 45,000  blogs hacked according to The Hackernews.com (link takes you to the full article)

When one owner of a site affected by the hacker, went onto his site, he saw there was a post, with this installed.

There was a hyper link back to a survey site.

Now if you did not take security of your site seriously, if a major business like WordPress.Com has sites hacked, any one could.