If you have not updated in a while you may want to have a look at your templates and upgrade your installs. If you read the linked article don’t skip the comments.
This is another of many reasons why this site has remained on MovableType.
On a couple of my wordpress installs on other domains I have been negligent in updating the installs and have had issues in the past. It’s to bad that wordpress users continue to suffer from security holes in older versions. [Deep Jive Interests]
This is EXACTLY what happened to me. There were directories in my wordpress that shouldn’t have been there. How they got put on there I have NO idea, but I had to go changing passwords and logins, and removing the offending directories. The weird thing is that I didn’t catch it. My host caught it and sent me an email. Whoever did the hacking was using it to spam people.
I did upgrade my wordpress, and haven’t had problems since, but I keep my eyes on it. Since I’m not a wordpress expert, I don’t always know what I’m looking for.
It’s funny you think movabletype is more secure than wordpress – it’s not. There’s been a security issue found in virtually every release of movabletype since 3.0, trying googling for them. It’s just that WordPress installs outnumber movabletype exponentially at this point which is why you hear about more wordpress breaches (usually due to bad directory permissions or plugins which are third party issues).