The WordPress Codex has an outline of which permissions are acceptable. Directory and file permissions can be changed either via an FTP client or within the administrative page from your hosting company.
No software system is immune to bugs and vulnerabilities. Security holes will be found, and bad guys will do their best to exploit them. Keeping your software up to date is a fantastic way to stave off attacks once security holes are found, because software vendors fix them in their products.
Recently, the Reuters blog was hacked by an unknown hacker and a news article was published on it. Since Reuters is a popular news site, their reputation is ruined because of what the hacker did. The same thing may happen to you if you don't pay attention to the security of your WordPress blog.
As I (our fictitious Joe the Hacker) understand, people have far too many usernames and passwords to remember. You've got Twitter, Facebook, your online banking, LinkedIn, two blog logins, FTP, web hosting and other accounts, all with logins and passwords you need to remember.
Don't use wp_ as the prefix for your database tables. Most web hosting providers are eliminating that default now, but if yours does not, change wp_ to anything but that.
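
The permission advice at the top and the wp_ prefix advice above can be checked together with a short audit script. This is an added example, not code from the original page: the limits (directories 755, files 644, wp-config.php 440) are taken from the Codex page "Changing File Permissions" rather than from this text, and the helper names `wp_audit` and `make_sample` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Limits are the Codex
# "Changing File Permissions" values: dirs 755, files 644, wp-config.php 440.
# Assumes find supports -perm /MASK (GNU findutils). Helper names are made up.

# Print one finding per line: DIR, FILE, CONFIG or PREFIX, then the path.
wp_audit() {
    root=$1
    cfg="$root/wp-config.php"

    # Directories beyond 755: group- or world-writable (mask 022).
    find "$root" -type d -perm /022 -print | sed 's/^/DIR /'

    # Files beyond 644 (mask 133); wp-config.php is judged separately below.
    find "$root" -type f ! -path "$cfg" -perm /133 -print | sed 's/^/FILE /'

    if [ -f "$cfg" ]; then
        # wp-config.php beyond 440 (mask 337).
        find "$cfg" -perm /337 -print | sed 's/^/CONFIG /'
        # Default wp_ table prefix still configured?
        if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*["'\'']wp_["'\'']' "$cfg"; then
            echo "PREFIX $cfg"
        fi
    fi
    return 0
}

# Constructed sample tree for trying the audit offline (not a real site).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    printf "<?php\n\$table_prefix = 'wp_';\n" > "$d/wp-config.php"
    echo '<?php' > "$d/index.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 777 "$d/wp-content/uploads"      # world-writable: reported as DIR
    chmod 644 "$d/index.php"
    chmod 666 "$d/wp-config.php"           # reported as CONFIG and PREFIX
    echo "$d"
}

# Usage: sh wp_audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then wp_audit "$1"; fi
```

An empty result means nothing in the tree exceeds those limits and the prefix is no longer wp_.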