Seems like this is pretty much a re-write of a press release. WP will continue to be the target of malicious attacks because of it’s nature and design, including that many of the features are locked to certain URLs, making attacks much more easy. Automatic updates will not work for a number of installations (setuid anyone?).
Background updates sound like a good idea, but in reality opens up another potential path for malicious activities.
Article source: http://www.eweek.com/enterprise-apps/wordpress-3.7-debuts-improving-security-for-millions.html