A friend just forwarded me this e-mail he received from the Amazon EC2 Security Team.
http://pastebin.com/q1VH4rmF
Looks like a public Ubuntu EC2 image was available that included an SSH key to allow the publisher to log into any instance that is using this image as root.