Well done. You clearly know the security issues well!

*Adds upgrading WP to to-do list*

I won’t disclose any private information, but this one will convince you that your WP installation is vulnerable (I did not do anything harmful, just got the data):

* WP Table prefix: wpbbd_;
* site’s home directory is /nfs/c02/h05/mnt/22870/domains/problogdesign.com/html/;
* enough for now

But does it actually work faster? Or more stable?

Can’t say about “more stable” – I didn’t have a chance to use WP 2.3 for a long time.

Faster – yes (they have finally added several indices to the tables, although there are a few they have forgotten about). Of course, if you have a fast server, you won’t probably notice these changes.

They also have upgraded TinyMCE to 3.0.6 (personally I don’t use WYSIWYG, but 3.0.6 produces more clean code and less buggy than its 2.x ancestor).

WordPress became more secure (you are using 2.3.1, aren’t you). E.g., 2.3.x branch (at least up to 2.3.3) is vulnerable to directory traversal (because of insufficient handling of $_GET['cat'] in index.php befoire calling get_category_template() in wp-includes/theme.php. remote user could see any file on the system. Although this works only for Windows); WP 2.3.x due to a bug in xmlrpc.php allows to edit someone else’s post; in WP 2.3.1 if I have administrative privileges (can access wp-admin) I can view another user’s (even administrator) drafts; in 2.3.1, index.php?exact=1&sentence=1&s=%b3%27)))[SQL] allows to execute an arbitrary SQL statement (only Chinese blogs are affected, though); because wp-admin/edit-post-rows.php does not handle $_REQUEST['posts_columns'], this allows an XSS attack.

Finally, if I have read only access to wp_users table (I can do this by exploiting SQL injection vulnerability – let us leave the details), I can log in as you even without knowing your password. BTW, this vulnerability is widely exploited – you have probably heard about so called “wp_footer exploit” (search google for “search engine marketeers are the new script kiddies”).

So, have I convinced you to upgrade?

Vladimir,
But does it actually work faster? Or more stable? If it did, I’d upgrade! That would be an incentive.

It’s not that I dislike 2.5. It’s that I like 2.3 just as much as I like 2.5. For me, 2.5 is no better than 2.3 (Bar the fact I’ll need one less plugin for Gravatars).

As for security – if the development team does not announce that there were a hole in a previous release, it doesn’t mean that the previous release didn’t have it As we say here, “the less you know, the better you sleep”.

If your blog is working the way you want it to, why try to fix it?

And if it will work better (faster, more stable etc)? Why not make a backup and give it a try? You can always revert back if you dislike something