Even if Wikimedia is not vulnerable, many other MediaWiki installations will be.
I'm not convinced yet that WikiMedia is not vulnerable! While at first the upload.wikimedia.org subdomain seemed to offer protection, my tests at
http://toolserver.org/~dschwen/test.html
indicate that when using the url http://commons.wikimedia.org/wiki/Special:FilePath/Gifar.gif to load the applet, it has no rights to connect to upload.wikimedia.org
Unfortunately it is late right now, so I don't have time to confirm if the server of origin is indeed set to commons.wikimedia.org as it seems at first glance, but if it is then I think I found an attack vector.