WordPress 2.3 security risks vs benefits
It's recently come to light that WordPress 2.3 will be sending a lot of identifying information from your blog back to WordPress.org.
As of version 2.3, WordPress now periodically (every 12 hours) sends personally identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings.
Matt Mullenweg (the WordPress guy) has been defending this move in this Google Group thread, insisting that everything is kosher. He also links to a couple of plugins that he says will disable these features.
I'm not a big conspiracy person and I'm sure the information is being sent to WordPress for legitimate purposes, but it does add another risk that people will need to take into consideration. When I eventually update to 2.3 or newer, I'll be disabling these features because I prefer to manage risks myself rather than put that risk into others' hands. When updates and security fixes need to be made, I don't mind doing them myself if it means not having my plugins and server info sitting in a database somewhere. Even though I have full daily backups of my blog, it's just another small risk that's not worth the benefits to me. It may be for others, though.