WordPress 3.0.3 was released to the public yesterday (December 8, 2010). This latest release is a security update for all previous versions, which according to WordPress:
Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.
If you have users operating at those levels, it's a good idea to update your blog ASAP!