WordPress 3.0.3 has been released and it is yet another security update.
This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts.
These issues only affect sites that have remote publishing enabled.
Remote publishing is disabled by default, but you may have enabled it to use a remote publishing client such as one of the WordPress mobile apps. You can check these settings on the “Settings > Writing” screen.