I had someone sneak some crap in somewhere, messed up my .htaccess file, and hid stuff somewhere, could never find it, but showed all sorts of evil links within the source code.

Best thing to do is make sure you keep a copy of your htaccess file, have a long, hard password for your blog, ftp access, and host access. Also, make backups of your blog themes, of course.

Your source code looks OK. I’d highly recommend Bad Behavior 2.0.14 and Peter’s Anti Spam comments (http://www.theblog.ca/?p=21) plugin. Also, one that closes comments after so many days, such as Comments Timeout (http://beingmrkenny.co.uk/wordpress/plugins/extended-comment-options/)

Those 3 would cut your spam down a lot.

As always, if thou needeth helpeth, let me know, lass!

I am also being told that when upgrading - it is HIGHLY advised to completely delete everything but the wp-config file and upload the fresh upgrade to ensure any files that were hacked are gone and avoid future vulnerabilities.

I have detailed/simple instructions on upgrading as well - if you need the link to them let me know.