From the 'yes I've got WordPress envy' files:

The open source WordPress blogging software is out with version 2.6 which moves the system closer to being a Content Management System with version control functionality. Ohh and it fixes about 200 bugs, some of which are security related including what I consider to be a VERY important SSL enhancement.

WordPress's announcement states that there are, "A number of proactive security enhancements, including cookies and database interactions."

The SSL enhancement that I consider to be key is the fact that a WordPress admin can now force SSL on a user. From my lay understanding what that should enable is if a user goes to a login page (without HTTPS) they should get bumped to the HTTPS version which will prevent their passwords from being sent in clear text over the wire (and thus easily sniffed).

WordPress claims they had over 75 people contributing code to WordPress 2.6 which isn't too shabby either. Don't forget of course that earlier this year WordPress raised $29.5 million in financing. Not bad for a blogging tool that you can run for free if want too.

They've also put up a neat 3 min overview of features in WordPress 2.6 - check it out below: