Even though I agree with Dougal’s point that security outweighs themes or plugins you don’t have to upgrade to 2.5, just upgrade to 2.2.3. And just because wordpress.org doesn’t link to the 2.2.3 version doesn’t mean it’s absolutly necesary for you to risk your peice of mind. Just check the revision log for all the changes from 2.2.3 branch and update the files manually. You can get the files individually or the entire released zipped from the wordpress trac.
With that said, you do have to upgrade…now!
I'm a 
I wouldn’t be so sure about that. I’m willing to bet that the response time for bug patches against 2.5 will be noticeably better than the last 2.3.x branch.
So, for most users (basic or advanced), I’d suggest sticking with the very latest released version.
I some what agree with the whole security outweighing themes and plugins. I do think security should be top priority, but at the same time usability for my users moves up there too.
My biggest problem (and this goes for what seems to be most all open source material I have found) that features outweigh security. Too many times you will get a new version with a slew of features (that most people probably don’t care about) instead of trying to develop a rock hard product.
I’d like to see more open source products put out a version, and spend all their time keeping it secure. Especially with something that is extensible like Wordpress, let the extensions introduce features and build a system around that.
that’s 2.3.2 to 2.3.3
it’s encouraging that there’s a milestone for 2.3.4 in trac, as well.