Took some time last night to read through Miss 604's WordCamp Fraser Valley Liveblog to see what I'd missed. When I read Kulpreet's question, "... how many people with websites can go to www.theirwebsite.com/wp-content/plugins and actually see the list of plugins", I thought, Okay, I'll give that a try. Whoops! Lookit that! There they are! Plain as day!
First I read and applied many of the tips in the WordPress Security Whitepaper which Kulpreet mentioned in his talk. I also installed and ran the WordPress Scanner, a WP plugin (from the same guys who wrote the whitepaper) that performs a number of security checks of the site.
I also had a read through the 9 easy ways to secure your Wordpress blog.
So I am feeling a lot better now that no one can browse my plugins directory, guess my admin user name, or any number of other nasty hacks.
You should do this too. Go. Do it now.