Since a lot of people seem to be upgrading older (sometimes very old) WordPress installations, here are a couple of links that will help with securing your sites.
Three Tips to Protect Your WordPress Installation - Matt Cutts
Hardening WordPress - codex
And yes, make sure you change your htaccess permissions back to 644 as soon as possible if you ever need to make it world-writable by setting them to 777 temporarily. And really, if you leave any of your theme files writable by WordPress, or leave the standard 'admin' user with full admin rights, you can count on getting hacked at some point.
Also it's a good idea not to run more than one WP installation from one MySQL database. Sure, you can change prefixes for each install and run several from one database, but if you do get hacked at some point you're making it easy to take down all your blogs with one click.
Lots of good tips in the comments to Matt's article too, don't miss reading those.
HTH