It has become common knowledge that everyone should use ssh version 2 and, whenever possible, disable support for version 1. The initial version of ssh has some design flaws that make it vulnerable to some attacks (check out dsniff). However, I just read the following comment from Theo de Raadt on the OpenBSD misc list:
"I am actually more worried about security problems in the protocol 2 code which is roughly 4-5x as complicated. People's fears are misplaced. But it is fun to ride a meme, isn't it."
I hope he is not encouraging people to use version 1…