“Two things: 1) what are the odds? 2) should we be thinking about switching platforms?”

The odds of being compromised are no different then any other peice of software assuming the software (and plugins) is kept updated. WordPress from 2.7 (or was it 2.6) has made this incredibly easy, so there is no excuse to not have the WordPress installation up to date. You should not judge WordPress on how many exploits or bugs are found, but rather the speed in which they are patched/fixed. It’s also worth noting that just because a platform doesn’t have many or any exploits made public or patches issued, doesn’t mean that exploits/bugs don’t exist or that it’s any more secure (that’s not to say that it couldn’t be more secure, but it’s difficult thing to measure).

So no, I don’t think this (or indeed past or future security issues) is reason enough to change from WordPress to something else. The replacement will have its own security issues (not to mention another learning curve (although I encourage you learn anything you can that is useful or interesting), and probably a smaller community).

But if your going to change, Habari looks nice to me.