John Gruber continues to post informative updates on the security hole situation. [And he promises that this post will be his definitive one, updated in the future as needed.] His opinion is that a sufficient fix at the moment is:

• Install Apple's "Security update 2004-05-24" (confusingly, this update was actually released on 2004-05-21)
• disable "disk:", "disks:" and "afp:" URI handlers (this does not stop you from, e.g. mounting AppleShare volumes normally)
• set the "ftp:" URI handler to anything except the Finder (e.g., Interarchy)

I expect we'll see another fix from Apple within a day or two.