You can read the details of the exploit in the Slashdot entry, but basically, it relies on the fact that ARDAgent runs as root and can send AppleScript commands, such as do shell script, to the system it's running on. Because ARDAgent runs as root, any shell script it launches also runs as root, so such scripts run without prompting the user for an admin password and have full access to every file on the system. Obviously, this opens up a huge world of hacking possibilities. Unlike some other exploits, this one works even from a lowly guest account; an admin account is not required to take advantage of the security hole.
The good news is that this exposure needs to be exploited either by someone who already has access to your Mac, or by tricking you into downloading and running a program designed to look like something benevolent (known as a trojan horse) -- you can't be hacked by simply reading an email or visiting a malicious web page.
There are two ways to reduce or remove your exposure to this security hole.
The less-severe solution (but one not guaranteed to be 100% effective) is to enable the Remote Management feature (leave all the "All local users can..." features unchecked) in the Sharing System Preferences panel, as explained in the Intego security memo. When ARDAgent is running, it seems that it can't be used to run scripts in this manner. What I don't really know is if all scripts will fail 100% of the time, or if some scripts may still be able to run. I tested a few different things yesterday, and all failed when I had Remote Management enabled, but there aren't any guarantees -- it's quite possible there are methods that I'm not aware of that may still allow the scripts to execute.
A more-severe but guaranteed effective solution is to disable ARDAgent itself, which is located in /System » Library » CoreServices » RemoteManagement. Just take that file and zip it, so that you can unzip it before you install the hopefully-forthcoming Apple update -- if you delete the file, the update will fail if it's just a patch. Note that this solution will also disable screen sharing, so it may not be usable by everyone (myself included).
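As an added example (not from the original article or from Apple), this shell function reports whether the zip-and-remove mitigation above is really in place, including the case where the archive was made but the original was left behind. It assumes the agent executable is a file named ARDAgent inside the bundle, that it runs as root because it is setuid, and that the archive is named ARDAgent*.zip; the status words are invented for this example.

```shell
#!/bin/sh
# Added example: audit the "zip ARDAgent" mitigation.
# Directory is the one named in the article; override ARD_DIR to check a copy.
ARD_DIR="${ARD_DIR:-/System/Library/CoreServices/RemoteManagement}"

# ard_status DIR prints exactly one word:
#   exposed             a setuid executable named ARDAgent is still on disk
#   present-not-setuid  the executable exists but has no setuid bit
#   archived            no executable, but an ARDAgent*.zip sits in DIR
#   absent              neither the executable nor an archive was found
ard_status() {
    dir="$1"
    # Check for the live executable first: making a zip while leaving the
    # original in place does not disable anything.
    if [ -n "$(find "$dir" -type f -name ARDAgent -perm -4000 2>/dev/null)" ]; then
        echo exposed
    elif [ -n "$(find "$dir" -type f -name ARDAgent 2>/dev/null)" ]; then
        echo present-not-setuid
    # Assumed archive name; adjust the pattern if you named the zip differently.
    elif [ -n "$(find "$dir" -maxdepth 1 -type f -name 'ARDAgent*.zip' 2>/dev/null)" ]; then
        echo archived
    else
        # Nothing to restore: per the article, a patch-style update may fail.
        echo absent
    fi
}

ard_status "$ARD_DIR"
```

A result of archived is the state the article recommends; absent means the file was deleted rather than zipped.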
Until Apple figures out a way to patch this hole, the best way to stay safe is, as always, to not download and run software from untrusted sources. (Patching it may be tricky, because administrators really do need the ability to run root-enabled scripts remotely and non-interactively ... it will be interesting to see what solution Apple comes up with.)

