A good blog post by a friend of mine:
Should you upgrade WordPress?
February 19, 2013 by Tim Priebe
My personal comment on Tim's article:
It is better to have a WP install that breaks from an update and have to fix it than to sit with an exploitable copy and then your ISP shut you down for send hundreds of spam of having a phishing page placed on your site you don't know about.