Before you make posts saying shit please understand this exploit before you go all bananas.
You can reset the admin password without confirmation, but you dont know the password, and unless you have access to the admin email account it does nothing.
http://www.milw0rm.com/exploits/9410
Proof of concept
Already a fix out, so dont cry about having to upgrade all the time, if you dont like the product, dont use it, simple.
fix, edit 1 line of the code
http://core.trac.wordpress.org/changeset/11798
