ergophobe - 11:28 pm on Nov 1, 2013 (gmt 0)
there is an approval process
Yes, but no oversight that I could see of a dedicated security team who, discovering an exploit in one plugin, will grep through the entire repo of plugins and find others with the same code (common).
Also no automated notices from the site itself except apparently with the Wordfence plugin. But such practices are not built into the community.
There's a fair bit that Wordpress as an organization could do to keep the community at large informed and more secure, but unfortunately I think they have never built in the infrastructure for it, so it's hard to roll it out now.