In March there was a DDOS attack that used many (160,000) wordpress sites to flood other websites. This was done because wordpress now has xml-rpc on by define.
It is possible to turn off xml-rpc using a plugin.
http://wordpress.org/plugins/remove-xmlrpc-pingback-ping/
This adds a filter without the need of editing your own pages.
For more info on the attack see: