by Twirrim 3486 days ago
Haven't looked at the spec yet, but curious if they've improved the security side of communications.

edit: Here's what I'm referring to: Bluetooth 4 LE mode is vulnerable to certain attacks: https://lacklustre.net/bluetooth/Ryan_Bluetooth_Low_Energy_U...

https://pomcor.com/2015/06/03/has-bluetooth-become-secure/


I've looked and there were no changes to security. PIN entry still trivially leaks the key (even with 'LE Secure Connections'). Out-of-Band is secure but you can't use it because iOS and Android don't let you (except via NFC on Android). Just Works is inherently vulnerable to MitM (it's not really 'broken' but you can't use it if you want high security). Finally Numeric Comparison is apparently secure, but it requires a screen and buttons on both devices which is often not possible, and it's not the nicest user experience.
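The pairing-method selection the comment above is talking about, as an added Python example that is not part of this thread: it derives the association model (Just Works, Passkey Entry, Numeric Comparison, Out of Band) from each side's IO capability and OOB/MITM flags following the IO-capability mapping rules in the Bluetooth Core Specification (my reading of Vol 3, Part H), and covers all capability combinations rather than only the four methods named. The enum and function names are my own.

```python
# Added example: BLE pairing association-model selection from IO capabilities.
# Names (IoCap, association_model, mitm_protected) are this example's own.
from enum import Enum


class IoCap(Enum):
    DISPLAY_ONLY = "DisplayOnly"
    DISPLAY_YESNO = "DisplayYesNo"
    KEYBOARD_ONLY = "KeyboardOnly"
    NO_INPUT_NO_OUTPUT = "NoInputNoOutput"
    KEYBOARD_DISPLAY = "KeyboardDisplay"


def _can_confirm(cap):  # can show a 6-digit number and answer yes/no
    return cap in (IoCap.DISPLAY_YESNO, IoCap.KEYBOARD_DISPLAY)


def _has_keyboard(cap):
    return cap in (IoCap.KEYBOARD_ONLY, IoCap.KEYBOARD_DISPLAY)


def _has_display(cap):
    return cap in (IoCap.DISPLAY_ONLY, IoCap.DISPLAY_YESNO, IoCap.KEYBOARD_DISPLAY)


def association_model(init, resp, *, init_oob=False, resp_oob=False,
                      init_mitm=True, resp_mitm=True, secure_connections=True):
    """Return the pairing method the initiator/responder pair would use."""
    # OOB wins first: LE Secure Connections needs OOB data on either side,
    # legacy pairing needs it on both.
    if secure_connections and (init_oob or resp_oob):
        return "Out of Band"
    if not secure_connections and init_oob and resp_oob:
        return "Out of Band"
    # If neither side asks for MITM protection, IO capabilities are ignored.
    if not (init_mitm or resp_mitm):
        return "Just Works"
    if IoCap.NO_INPUT_NO_OUTPUT in (init, resp):
        return "Just Works"
    # Numeric Comparison exists only in LE Secure Connections and needs a
    # display plus yes/no input on both devices (the comment's "screen and buttons").
    if secure_connections and _can_confirm(init) and _can_confirm(resp):
        return "Numeric Comparison"
    # Passkey Entry: one side types a passkey the other shows, or both type it.
    if _has_keyboard(init) and (_has_display(resp) or _has_keyboard(resp)):
        return "Passkey Entry"
    if _has_keyboard(resp) and _has_display(init):
        return "Passkey Entry"
    return "Just Works"  # e.g. two DisplayOnly devices: nothing to bind the exchange


def mitm_protected(model):
    """Only Just Works is defined as unauthenticated by the specification."""
    return model != "Just Works"
```

Running the function over a product's intended IO capability is a quick way to see whether the pairing it will actually negotiate is Just Works before shipping.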
I was not aware of this[1], thanks for linking. Do you know whether the same is true for non-LE connections? I always thought those were secure, provided there are no bugs in the implementations.

[1] The paper's conclusion summarizes very nicely, though they write it formally and a little confusingly: the thing is utterly broken. They can read contents, even if the key exchange was not observed/captured, and they can inject traffic. Basically it's obfuscated plain text.

The non-LE protocol has been pretty difficult to breach from the hacker-hobbyist level. The communication protocol is incredibly complex, and the hardware simply doesn't exist to interface well with it. A lot of BT 2.0 (i.e. non-LE) "security" comes from the fact it's just darn hard to interface with it.
That sounds weird, given that it's in so many devices. It runs on a normal frequency and is implemented in billions of devices, how is it hard to interface with?
You probably need low-level access to crack the security. Your average Bluetooth dongle won't provide that.