A full update will be posted soon, don't panic. Only people with the API key enabled was compromised (and will be reimbursed), passwords are securely stored one way in the database.

Security is obviously the most important thing to a Bitcoin wallet, and it's unfortunate that a compromise occurred, and we're learning a lot from it (things that pentests won't catch).

There will be a full update soon, but this compromise was not through a fault of the code but rather like a 'side channel' attack.