Someone gained server level access on to one of the servers that powers WordPress and put some code in a couple of files that could cause them to run some remote PHP execution. You can read more about this on the download site for version 2.1.2. They WordPress team has reset the files. But if you downloaded verstion 2.1.1 in the last couple days, you need to update immediately.
Thoughts and Experiences from the Mile High City of Denver, Colorado