Is TimThumb still broken? What security measures should be taken?

Take a look here: http://ma.tt/2011/08/the-timthumb-saga/ (I assume you know who Matt is). Also, Matt mentioned this guy in that link, and he’s got some updates on the issue posted to his site: http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

The short is, there’s now TimThumb 2.0, which is fixed. It’s available here: http://code.google.com/p/timthumb/