One of the features coming in WordPress 3.0 is that the Plugin & Theme editors will be enabled for Super Admins (the new name for site admins). If you have a closed site with a known list of users, it will be a nice feature to have. On the other hand, if you have open registrations with a larger list of users, I strongly recommend that you disable the plugin and theme editors.
The aim of most website hacks is to gain access to the source code of the website in order to insert links to spam sites. If you disable the plugin & theme editors, you place another barrier between a hacker and the source code of your install. Cleaning up a couple hundred themes is not an insignificant task. And even one hack will cost you far more time than the convenience of the editors is likely to ever save you.
I’ve written a plugin that we will be installing in all of our MU installs before upgrading to WP 3.0 that disables both editors.
You can download it here: Disable Theme/Plugin Editors in WordPress 3.0.
Updated: If the plugin causes issues with your theme’s options you can also add a line in wp-config.php to disable the editors
That was added to after I wrote this post
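
To confirm the wp-config.php switch is actually active on each install, the following audit check can be run over the file's text. It is an added example, not code from the original post or its plugin. It assumes the line meant above is WordPress core's `DISALLOW_FILE_EDIT` constant (the post's own line did not survive on this page) and that any truthy PHP value turns the editors off; `editor_status`, `strip_comments` and the sample fragments are constructed for illustration.

```python
import re

# Match string literals first so comment markers inside them (secret keys
# often contain '#', '//' or '/*') are never mistaken for comments.
_STR_OR_COMMENT = re.compile(
    r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\""   # string literals: kept
    r"|/\*.*?\*/|//[^\n]*|#[^\n]*",             # comments: dropped
    re.S,
)
_DEFINE = re.compile(
    r"\b(?i:define)\s*\(\s*(['\"])DISALLOW_FILE_EDIT\1\s*,\s*([^)]*?)\s*\)"
)


def strip_comments(php):
    """Remove PHP comments while leaving string literals intact."""
    return _STR_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0)[0] in "'\"" else " ", php)


def editor_status(config_text):
    """Return 'disabled', 'enabled' or 'unknown' for the file editors."""
    m = _DEFINE.search(strip_comments(config_text))  # PHP keeps the first define
    if m is None:
        return "enabled"              # constant absent: editors stay available
    raw = m.group(2).strip()
    if raw[:1] in ("'", '"'):         # PHP string: truthy unless '' or '0'
        return "enabled" if raw[1:-1] in ("", "0") else "disabled"
    if raw.lower() in ("true", "1"):
        return "disabled"
    if raw.lower() in ("false", "0", "null"):
        return "enabled"
    return "unknown"                  # expression that needs manual review


# Constructed sample wp-config.php fragments (not from any real site).
SAMPLES = {
    "locked": "<?php\ndefine('AUTH_KEY', 'k/*9#x');\n"
              "define('DISALLOW_FILE_EDIT', true);\n/* end custom */\n",
    "commented_out": "<?php\n// define('DISALLOW_FILE_EDIT', true);\n",
    "first_wins": "<?php\ndefine('DISALLOW_FILE_EDIT', false);\n"
                  "define('DISALLOW_FILE_EDIT', true);\n",
    "string_false": "<?php\ndefine(\"DISALLOW_FILE_EDIT\", 'false');\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: editors {editor_status(text)}")
```

A result of `unknown` means the value is computed at runtime and the file needs a manual look.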