UPDATE:

So MtGox has finally gone public with this information which is good, but I need to say a few words because people are totally panicking on all exchanges.

First, MtGox is exaggerating the problem. It is not as bad as it seems really. This exploit, of modifying transactions but keeping the signatures intact, is quite difficult to begin with. MtGox made it worse by publishing their transactions through an accessible API (but now the signatures have been redacted).

The worst thing that can happen is that the exchange may get stuck with transactions and what all the exchanges need to do is not automatically return the user's balance without doing some investigations first. For example, if some of the inputs (of the transaction) have already been spent, then further investigations are required. That is all.

You cannot steal someones else's coins, and there's nothing wrong with the bitcoin protocol per se.

What the Bitcoin core development team is trying to do, long-term, is to ensure that the byte encoding is unique for a given transaction. If you look at ASN.1 DER encodings, the whole point is to ensure that there's only one way to encode something so there's no ambiguity when to compute digital signatures. Otherwise we have this problem of two chunks of data that are equivalent but syntactically different.

Anyway, all this is just unnecessary panic. And if you have access to fiat I would consider this as an enormous buying opportunity.