Brian wrote in to remind me that on my shift 27-MAY-2010 I failed to mention VMware's release of VMSA-2010-0009 (http://lists.vmware.com/pipermail/security-announce/2010/000093.html) which addresses a number of security vulnerabilities (43 or so) in ESX/ESXi 4.0.

He also points out a handy resource for hardening vShere noted here: http://blogs.vmware.com/security/2010/04/vsphere-40-hardening-guide-released.html