By all accounts, this Sony "rootkit" incident is not as blatant or as bad as the music one of days past. It IS EXPLOITABLE, but not as easily or as dangerously as the "old" one. Besides, the user gives permission for this one to be installed, unlike the old hidden installation.
Here is F-Secure's take on it and I recommend everyone read it. It will tell you why this one is not so bad and why it is still exploitable.
Update to the update: McAfee's take on this gives much, much more detail, including explicit directions on how to use the *darned* thing in anger. See it here.