Security by Default

What can we do as a hosting community to improve WordPress security by default? What are the current trends and best practices? What are future risks?