aha.. it seems that WordPress has a known vulnerability which may allow an attacker to carry out an SQL injection attack, so we’ll have to watch out for a patch…
UPDATE 29-Jan: It has been reported that there is now a fix for this problem and that it involves an upgrade to WP-Stats 2.01. The problem was also localised to the Wp-Stats plug-in and has been patched. You can read more about the problem, and go directly to the source for the fix.