After a pointer from rc3, I read an interesting article earlier today:
In short, 9 of the top 10 Google search results for free WordPress themes provide themes full of malware and spammy links. The one site that doesn’t is the official site. Unfortunately, I have to say from experience that the free themes on the official site are consistently poor in quality.
The theme I was using before was clean, but the design quality was low. I began to consider buying a quality theme somewhere, but the article did point out two decent sites that have some quality free themes:
I can’t vouch them, as all I have to go on is the word of that article. I did end up adopting the free TypeBased theme from the latter site, and I am very happy with it so far. It’s well-designed, polished, and it integrates nicely with WordPress 3.0.
Oddly, Theme-Check does flag TypeBased as using base64_encode() and base64_decode() functions, but from what I can tell it’s in the legitimate context of an FTP API.