When I started blogging, I didn’t have a custom theme and relied on themes which were available on the Internet. I did have my favorite WordPress related blogs which listed out some really good themes and I usually downloaded themes from them.
Every once in a while I also preferred to use Google to search for "Free WordPress Themes". Now that I have my own custom built theme, I do not usually look for free themes anymore. However, many new WordPress users do use Google to find new themes for their blog.
The most common keyword for searching themes is "Free WordPress Themes". Now, this will land you thousands of results, but are they safe? Well, the WPMU blog did a comprehensive research on sites which showed up in Google search results and 9 out of the 10 top websites had Trojans or hidden code in the themes you downloaded from them.
The lone site which did not have any problem was the Official WordPress Themes Repository. The research done by the WPMU folks is a real eye-opener and I believe that many users wouldn’t even bother to look as closely as they did. To top it, many of the available themes are actually stolen and copyrighted from premium theme publishers.
I am experienced and advanced WordPress user, so I can figure these things out. However, millions of users out there are not as tech savvy as me and may be gullible to installing these so called "Free WordPress Themes".
The best thing we could do to stop this menace is to educate new users that it is best to download themes from the official WordPress repository as the themes there are free and also do not have sponsored links or Trojans. Remember, beautiful themes are not always free, they can ruin your website.
Last but not the least kudos to the WPMU folks for running such a research, it was an eye-opener indeed.