Well, technically not Wordpress, but your hosting is probably vulnerable.
From http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=224300052&cid=nl_DR_DAILY_2010-04-13_h if you want to read the whole thing.
There was an attack on Wordpress blogs hosted at Network Solutions, but your host is probably guilty as well.
The gist of what happened is the wp-config.php was readable by the world and the crackers got access to the database passwords and logins which are stored in that file in plain text.
It is a Wordpress problem because that was considered best practice. In reality, none of your file need to be world readable, only readable by the web server, so you can safely eliminate any world read permissions.
If that is over your head don't panic. Just ask your host.