There’s a new security patch out which fixes an exploit that allows registered users to view trashed posts. The vulnerability was reported by Thomas Mackenzie, a security Enthusiast.
Make sure to update your WordPress to version 2.9.2 ASAP.
Source: WordPress Official Blog