The only users with the slightest exposure used FileVault in Snow Leopard or an earlier release and, when viewing the Security & Privacy preference pane after upgrading to Lion, clicked Keep Using Legacy FileVault when prompted. (A dialog reading "You're using an old version of FileVault" appears when you open that pane in such a circumstance.) If you clicked Turn Off Legacy FileVault before you ever restarted into Mac OS X 10.7.3 and logged in to a protected user account, you're fine. (Lion's FileVault 2 encrypts an entire disk, and as noted earlier, this flaw doesn't reveal its passwords.)
If you fit this bill, then the only risk you face is that the "secure.log" file, which contains the debugging information from a 10.7.3 login to a protected directory, falls into the hands of a malicious party who can then read your password out of that log. This could occur if someone intent on accessing your files had physical access to your machine while you were logged in, or could restart it in Lion Recovery or FireWire Target Disk mode. A ne'er-do-well could also retrieve the file from a Time Machine backup, such as one stored on a shared Time Capsule disk.
Given the recent Flashback malware that affected as many as 600,000 Macs, it's not preposterous that future malicious software would attempt to scan logs for debugging passwords in order to gain administrative access to Macs as well.
How to fix the problem
The only curative solution until Apple patches the problem is to change the password on a FileVault account after every system restart and whenever you log in to a different account. A changed password isn't logged. You could also disable FileVault access through the Security & Privacy pane, which leaves your files readable if your system is stolen but reduces the chance of password theft.
For single-user systems, or multi-user Macs on which no one is concerned about other users breaking into their accounts, you could also turn on FileVault 2 for more effective encryption and system protection. FileVault 2 doesn't encrypt each user's directory individually, so it does not wall off users from one another on the same system (account-based permissions don't protect against administrator access), but it does prevent access to the system by anyone who lacks the password for one of the accounts enabled for boot-time access with FileVault 2. See our Complete guide to FileVault 2 in Lion for how to proceed.
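Before deciding which of these fixes you need, it helps to know whether a password of yours has already landed in the log, because a password that is already recorded has to be changed everywhere it is reused and the affected log copies (including any in Time Machine backups) have to be dealt with. The script below is an added example written for this article, not Apple's code or anything from the original piece: it asks for the password without echoing it and reports which lines of secure.log (and its rotated copies) contain it, printing the matches with the password blanked out. It assumes the log lives at /var/log/secure.log with rotated copies named secure.log.0.bz2 and so on; the sample lines embedded in it are constructed for the demonstration and do not reproduce the real 10.7.3 log format, which the article does not show.

```python
import bz2
import getpass
import glob

# Constructed sample lines for demonstration only. These are NOT real
# 10.7.3 secure.log output; the actual entry format is not on the page.
SAMPLE_LOG = [
    "May  4 09:12:01 mac authorizationhost[121]: Got user: alice\n",
    "May  4 09:12:01 mac authorizationhost[121]: debug: mounting home for alice with password: hunter2example\n",
    "May  4 09:12:02 mac loginwindow[88]: Login Window Application Started\n",
]


def find_password_exposure(lines, password):
    """Return (line_number, redacted_line) for every line containing the password.

    The password itself is replaced with [REDACTED] so the report can be
    shared or kept without re-exposing the secret.
    """
    hits = []
    if not password:
        return hits
    for number, line in enumerate(lines, start=1):
        if password in line:
            hits.append((number, line.rstrip("\n").replace(password, "[REDACTED]")))
    return hits


def open_log(path):
    """Open a plain or bzip2-compressed log as text (assumption: rotated copies end in .bz2)."""
    if path.endswith(".bz2"):
        return bz2.open(path, "rt", errors="replace")
    return open(path, "r", errors="replace")


def scan_log_files(paths, password):
    """Map each path to its list of hits, or None if the file could not be read."""
    report = {}
    for path in paths:
        try:
            with open_log(path) as fh:
                report[path] = find_password_exposure(fh, password)
        except (PermissionError, FileNotFoundError):
            report[path] = None  # /var/log/secure.log normally needs sudo to read
    return report


def main():
    password = getpass.getpass("Password to look for (not echoed, not stored): ")
    paths = sorted(glob.glob("/var/log/secure.log*"))  # assumed location on Lion
    report = scan_log_files(paths, password)
    exposed = False
    for path, hits in report.items():
        if hits is None:
            print(f"{path}: could not be read (try running with sudo)")
            continue
        for number, line in hits:
            exposed = True
            print(f"{path}:{number}: {line}")
    if exposed:
        print("Password found in the log: change it now and remember that backups hold copies of this file.")
    else:
        print("No readable log file contained that password.")


if __name__ == "__main__":
    main()
```

Run it as the user whose password you are checking (with sudo, since the log is root-readable); a Time Machine volume can be checked the same way by pointing the glob at the backup's copy of /var/log.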
What's disturbing about this flaw isn't how many Mac users are exposed to it, but how simply sloppy it is, coming on the heels of Apple's failure to take Oracle's Java update and release its own version for Mac OS X in a timely fashion. Apple is behind the security eight-ball, a place it rarely finds itself. It needs to step up its game.
[Glenn Fleishman had his Unix password file stolen once in 1995, and he's never been quite the same. He is a senior contributor at Macworld, a writer of the Economist's Babbage blog, and the author of several books on security and networking.]