Site now cleansed from JS/BlacoleRef.F.3 - but still open to attacks!

See: http://urlquery.net/report.php?id=223412
Clean status supported by quttera’s,
but still given as suspicious by zulu zscaler’s: http://zulu.zscaler.com/submission/show/57e807a4edabeba9900801932ba6b163-1353847877
Site still vulnerable according to sucuri’s: Wordpress internal path: /home/jrtnstre/public_html/hodowlaziemannk.pl/wp/wp-content/themes/twentyeleven/index.php
WordPress version outdated: Upgrade required.
Tips to consider for recovering: http://aw-snap.info/ (tips provided by Redleg the site-owner there)
After just a couple of minutes of evaluation I stumbled on two possible script attacks that could be performed against this site
as it’s software is not updated and patched against these script attacks
There is a html5-enabling-script attack possible against “wp-content/themes/twentyeleven/js/html5.js”
and also a script-attack against showcase.js just to mention two attack vectors that may threaten this site…

So many sites we encounter here where website threat assessment has not been performed at all and so site will put visitors at risk.
Website security assesment is a final consideration but at what a cost?

polonus