I agree with this assessment:
All of this leads to one simple conclusion: if you want to install WordPress on a public-facing web server, don't. And if you insist on installing it, then you need to watch the trac like a hawk and be ready to patch faulty files as soon as flaws are discovered, because the WordPress team simply doesn't take security seriously. Even then you won't be safe because there will always be undiscovered flaws and you never know when someone might come knocking. I am not the only one who thinks this.