WordPress has a very fast development cycle: there are often two or more major updates each year, with minor updates spread in between. Something you need to remember is:
Major updates can be huge security risks.
When upgrading WordPress from, say, 2.7 to 2.8, a large number of changes have been made to the software. Those changes generally bring with them new code that can be exploited.
Luckily, there is a simple solution. If there is a major update:
Wait.
Wait for 1-2 minor updates to be released, and then upgrade to that version. Security becomes the foremost concern for the developers after a major update, so the first couple of minor updates that follow will eliminate most of the exploits that are found.
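The rule above can be written down as a small check, so that the decision is not left to memory. The code below is an added example and not part of the original post or of WordPress itself: it uses the post's terminology (2.7 to 2.8 is a "major" update, 2.8.1 and 2.8.2 are "minor" updates) and a constructed list of release numbers, and it decides which version, if any, the policy allows you to move to. The function names, the default of two minor updates and the release list are all assumptions made for the example.

```python
"""Upgrade-timing check for the "wait for 1-2 minor updates" rule (added example)."""

from typing import Optional, Sequence, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'major.minor[.patch]' into a tuple of ints.

    Comparing version strings directly gets ordering wrong ('2.8.10' < '2.8.9'
    as strings), so every comparison below is done on integer tuples.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) == 2:          # "2.8" is the same release as "2.8.0"
        parts = parts + (0,)
    if len(parts) != 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return parts  # type: ignore[return-value]


def release_line(v: Version) -> Tuple[int, int]:
    """The post treats 2.7 -> 2.8 as a major update, so the first two
    components identify a release line and the third counts minor updates."""
    return v[0], v[1]


def recommended_upgrade(current: str, released: Sequence[str],
                        min_minor_updates: int = 2) -> Optional[str]:
    """Return the newest version the policy allows, or None to keep waiting.

    Policy (assumed, following the post): a newer release line is adopted only
    once it has received at least `min_minor_updates` minor updates; a newer
    minor update within the current line is always taken, since that is where
    the security fixes land.
    """
    cur = parse_version(current)
    best: Optional[Version] = None
    for v in sorted(parse_version(r) for r in released):
        if v <= cur:
            continue                       # not an upgrade
        if release_line(v) == release_line(cur):
            best = v                       # same line: take it immediately
        elif v[2] >= min_minor_updates:    # new line with enough minor updates
            best = v
    return None if best is None else ".".join(str(p) for p in best)


if __name__ == "__main__":
    # Constructed release history, not real WordPress data.
    releases = ["2.7.2", "2.8", "2.8.1", "2.8.2", "2.9"]
    for installed in ("2.7.1", "2.8.1", "2.8.2"):
        print(installed, "->", recommended_upgrade(installed, releases))
```

With the constructed history above, an install on 2.7.1 is pointed at 2.8.2 (the 2.8 line has two minor updates) while 2.9 is skipped until it has its own fixes; an install already on 2.8.2 is told to wait. Dropping `min_minor_updates` to 1 makes the check accept a line after its first minor update, which matches the looser end of the "1-2" range in the post.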
Granted, I’m quite the hypocrite as I write this, because I’m often too impatient and will upgrade my WordPress straight away just to play around with the new features. But it’s important to understand the risk you’re introducing.
Something I should do is set up a separate installation of WordPress, used only for playing around with new features, and then upgrade the original copy of WordPress at a safe time. That’d be the smart way to approach it.